- Juniper Networks says he found a critical defect during internal tests
- Session Smart Routers BUG has a gravity score of 9.8 and allows the full acquisition of the device
- A patch is now available, so update now
Juniper Networks has just launched a patch for a critical vulnerability that allowed the threat actors to take care of session Smart Routers (SSR).
In a security notice, the company said that during the internal tests, discovered CVE-2025-21589, a vulnerability of authentication with a gravity score of 9.8/10 (critical). This problem affects the smart router of the session, the intelligent session driver and the Wan Assurance manager: the affected final points include:
Smart Session Router:
of 5.6.7 before 5.6.17,
6.0.8,
of 6.1 before 6.1.12-lts,
6.2 before 6.2.8 lts,
of 6.3 before 6.3.3-r2;
SMART SESSION Driver:
of 5.6.7 before 5.6.17,
6.0.8,
of 6.1 before 6.1.12-lts,
6.2 before 6.2.8 lts,
of 6.3 before 6.3.3-r2;
WAN ASSURANCE ADMINISTRATED ROUTINERS:
of 5.6.7 before 5.6.17,
6.0.8,
of 6.1 before 6.1.12-lts,
6.2 before 6.2.8 lts,
of 6.3 before 6.3.3-R2.
No solution
Juniper said that there are no solutions for this problem, and that the only way to safeguard the final points is to apply the patches: SSR-5.6.17, SSR-6.1.12-LTS, SSR-6.2.8-LTS, SSR – 6.3.3-R2 and later releases.
“In an implementation administered by the driver, it is sufficient to update only the nodes of the drivers and the solution will automatically apply to all connected routers,” said Juniper. “As practical, the routers must still be updated to a fixed version, however, they will not be vulnerable once they connect to an improved driver. The router patch can be confirmed once the router reaches the “execute” (in 6.2 and before) or “synchronized” (in 6.3+) in the state of the driver. “
The devices that operate with Wan Assurance, connected to the cloud of Misores, are automatically updated. The routers must still be updated, it was said.
Until now, there is no evidence that defects are abused in nature.
Through Bleepingcomputer
