CVE-2024-3937: Maximum Severity Authentication Bypass Vulnerability in Juniper Routers


On June 28, 2024, Juniper released fixes for CVE-2024-3937, a critical authentication bypass vulnerability discovered during internal testing. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations. Such configurations are frequently used to support critical infrastructure networks such as data centers, telecommunications, public services, and government operations. CVE-2024-3937 allows remote threat actors to bypass authentication and gain full control of a device.

Arctic Wolf has not observed active exploitation of this vulnerability or identified publicly available proof-of-concept (PoC) exploit code. Nevertheless, threat actors may target this vulnerability in the near future, given the potential level of access they could achieve upon compromise. In 2023, threat actors targeted Juniper firewalls and switches using an exploit chain involving four vulnerabilities shortly after their disclosure. 

Recommendation for CVE-2024-3937

Upgrade to Latest Fixed Versions

Arctic Wolf strongly recommends that customers upgrade to the latest versions. 

| Product | Affected Versions | Fixed Version |
|---|---|---|
| Session Smart Router | All versions before 5.6.15; from 6.0 before 6.1.9-lts; from 6.2 before 6.2.5-sts | 5.6.15; 6.1.9-lts; 6.2.5-sts, and subsequent releases |
| Session Smart Conductor | | |
| WAN Assurance Router | | |


Note: In a Conductor-managed deployment, upgrading the Conductor nodes suffices to automatically apply the fix across all connected routers. This includes Mist-managed WAN Assurance routers connected to the Mist Cloud, where the vulnerability has been patched automatically. Furthermore, applying the fix through Conductor or WAN Assurance routers does not affect router data-plane functions. The process is non-disruptive to production traffic, with potential momentary downtime (less than 30 seconds) for web-based management and APIs.
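To triage an inventory against the version ranges listed above, the following added example (not Arctic Wolf or Juniper code) flags devices that run in a high-availability redundant configuration on an affected version. The inventory layout, the device names, the `ha_redundant` field and the assumption that a version string begins with dot-separated integers are all constructed for illustration.

```python
import re

# Affected ranges as printed in the advisory table: (inclusive lower, exclusive upper).
AFFECTED_RANGES = [
    ((0, 0, 0), (5, 6, 15)),  # all versions before 5.6.15
    ((6, 0, 0), (6, 1, 9)),   # from 6.0 before 6.1.9-lts
    ((6, 2, 0), (6, 2, 5)),   # from 6.2 before 6.2.5-sts
]

def parse_version(text):
    """Return (major, minor, patch) from the leading dotted number.

    Assumption: any suffix such as "-lts" or "-sts" is ignored for ordering.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(version_text):
    # Numeric tuple comparison, so 5.6.9 sorts before 5.6.15 and 6.1.10 after 6.1.9.
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Split devices into those needing the upgrade and those needing manual review."""
    result = {"upgrade": [], "review": []}
    for dev in inventory:
        try:
            affected = in_affected_range(dev["version"])
        except ValueError:
            result["review"].append(dev["name"])  # unparsable version: check by hand
            continue
        # The advisory limits exposure to high-availability redundant configurations.
        if affected and dev["ha_redundant"]:
            result["upgrade"].append(dev["name"])
    return result

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    {"name": "ssr-dc1-a", "version": "5.6.9", "ha_redundant": True},
    {"name": "ssr-dc1-b", "version": "5.6.15", "ha_redundant": True},
    {"name": "ssr-edge-1", "version": "6.1.8-lts", "ha_redundant": True},
    {"name": "ssr-edge-2", "version": "6.1.10-lts", "ha_redundant": True},
    {"name": "ssr-branch-1", "version": "6.2.4-sts", "ha_redundant": False},
    {"name": "conductor-1", "version": "unknown", "ha_redundant": True},
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Standalone devices on an affected version are not flagged here because the advisory limits the issue to high-availability redundant configurations; they remain candidates for the same upgrade during normal maintenance.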




Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.