- Juniper Networks says it found a critical flaw during internal testing
- Session Smart routers bug has a 9.8 severity score and allows full device takeover
- A patch is already available, so update now
Juniper Networks just released a patch for a critical vulnerability that allowed threat actors to take over Session Smart Routers (SSR).
In a security advisory, the company said that during internal testing, it discovered CVE-2025-21589, an authentication bypass vulnerability with a severity score of 9.8/10 (critical). This issue affects Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router – the affected endpoints include:
Session Smart Router:
from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2;
Session Smart Conductor:
from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2;
WAN Assurance Managed Routers:
from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2.
No workarounds
Juniper said that there are no workarounds for this issue, and that the only way to safeguard the endpoints is to apply the patches: SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2 and subsequent releases.
“In a Conductor-managed deployment, it is sufficient to upgrade only the Conductor nodes and the fix will be applied automatically to all connected routers,” Juniper explained. “As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor. Router patching can be confirmed once the router reaches the “running” (on 6.2 and earlier) or “synchronized” (on 6.3+) state on the Conductor”.
Devices that operate with WAN Assurance, connected to the Mist Cloud, are automatically updated. The routers should still be upgraded, it was said.
So far, there is no evidence of the flaws being abused in the wild.
Via BleepingComputer
