Juniper Networks says it discovered a critical flaw during internal testing
Session Smart Router bug has a 9.8 severity rating and permits full device takeover
A patch is already available, so update now
Juniper Networks has just released a patch for a critical vulnerability that allowed threat actors to take over Session Smart Routers (SSR).
In a security advisory, the company said that in internal testing it found CVE-2025-21589, an authentication bypass vulnerability with a severity rating of 9.8/10 (critical). This issue affects Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router. The affected endpoints include:
Session Smart Router:
from 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, from 6.3 before 6.3.3-r2;
Session Smart Conductor:
from 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, from 6.3 before 6.3.3-r2;
WAN Assurance Managed Routers:
from 5.6.7 before 5.6.17, from 6.0.8, from 6.1 before 6.1.12-lts, from 6.2 before 6.2.8-lts, from 6.3 before 6.3.3-r2.
No workarounds
Juniper said that there are no workarounds for this issue, and that the only way to safeguard the endpoints is to apply the patches: SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2 and subsequent releases.
“In a Conductor-managed deployment, it is sufficient to upgrade only the Conductor nodes and the fix will be applied automatically to all connected routers,” Juniper explained. “As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor. Router patching can be confirmed once the router reaches the “running” (on 6.2 and earlier) or “synchronized” (on 6.3+) state on the Conductor”.
Devices that operate with WAN Assurance, connected to the Mist Cloud, are automatically updated. The routers should still be upgraded, it was said.
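A version triage for the affected ranges and fixed releases listed above, as an added example that is not Juniper's or the article's own code. The ordering of the `-rN` and `-lts` suffixes, the handling of the 6.0 train (for which the article names no fixed release) and the sample inventory are assumptions.

```python
import re

# (first affected, first fixed) per release train, as listed in the article.
# The article names no fixed 6.0 release, so None marks that train as
# "affected, no fix listed" (assumption: applies to every 6.0.x >= 6.0.8).
TRAINS = {
    (5, 6): ("5.6.7", "5.6.17"),
    (6, 0): ("6.0.8", None),
    (6, 1): ("6.1.0", "6.1.12-lts"),
    (6, 2): ("6.2.0", "6.2.8-lts"),
    (6, 3): ("6.3.0", "6.3.3-r2"),
}
_VER = re.compile(r"^(?:SSR-)?(\d+)\.(\d+)(?:\.(\d+))?((?:-[A-Za-z0-9]+)*)$")

def parse(version):
    """Return (major, minor, patch, revision) for strings like 'SSR-6.3.3-r2'.

    Assumption: a '-rN' suffix is a numeric revision (missing means 0) and
    other suffixes such as '-lts' do not affect ordering.
    """
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    rev = 0
    for part in m.group(4).split("-"):
        if re.fullmatch(r"r\d+", part):
            rev = int(part[1:])
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), rev)

def classify(version):
    """Map one version to affected / fixed / no-fix-listed / not-listed."""
    v = parse(version)
    train = TRAINS.get(v[:2])
    if train is None or v < parse(train[0]):
        return "not-listed"          # outside the ranges the article gives
    if train[1] is None:
        return "no-fix-listed"
    return "affected" if v < parse(train[1]) else "fixed"

def triage(inventory):
    """Return {hostname: status} for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"conductor-a": "6.2.8-lts", "edge-1": "6.1.11-lts",
          "edge-2": "6.3.3-r1", "edge-3": "6.0.9", "edge-4": "5.6.5"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```

A "not-listed" result only means the version falls outside the ranges quoted in the article; check such hosts against the vendor advisory directly.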
So far, there is no evidence of the issue being abused in the wild.
Via BleepingComputer