Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects Session Smart Conductor: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2; This issue affects WAN Assurance Managed Routers: * from 5.6.7 before 5.6.17, * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts, * from 6.2 before 6.2.8-lts, * from 6.3 before 6.3.3-r2.
Problem types
CWE-288 Authentication Bypass Using an Alternate Path or Channel
Product status
5.6.7 (semver) before 5.6.17
6.0 (semver) before 6.0.8
6.1 (semver) before 6.1.12-lts
6.2 (semver) before 6.2.8-lts
6.3 (semver) before 6.3.3-r2
5.6.7 (semver) before 5.6.17
6.0 (semver) before 6.0.8
6.1 (semver) before 6.1.12-lts
6.2 (semver) before 6.2.8-lts
6.3 (semver) before 6.3.3-r2
5.6.7 (semver) before 5.6.17
6.0 (semver) before 6.0.8
6.1 (semver) before 6.1.12-lts
6.2 (semver) before 6.2.8-lts
6.3 (semver) before 6.3.3-r2
References
supportportal.juniper.net/
support.juniper.net/support/eol/software/ssr/
kb.juniper.net/JSA94663