CVE-2024-2973
published 2024-06-27CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer…
PriorityP270critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
1.09%
61.1th percentile
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
This issue affects:
Session Smart Router:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
Session Smart Conductor:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
WAN Assurance Router:
* 6.0 versions before 6.1.9-lts,
* 6.2 versions before 6.2.5-sts.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper_networks | session_smart_conductor | < 5.6.15 | 5.6.15 |
| juniper_networks | session_smart_conductor | >= 6.0 < 6.1.9-lts | 6.1.9-lts |
| juniper_networks | session_smart_conductor | >= 6.2 < 6.2.5-sts | 6.2.5-sts |
| juniper_networks | session_smart_router | < 5.6.15 | 5.6.15 |
| juniper_networks | session_smart_router | >= 6.0 < 6.1.9-lts | 6.1.9-lts |
| juniper_networks | session_smart_router | >= 6.2 < 6.2.5-sts | 6.2.5-sts |
| juniper_networks | wan_assurance_router | >= 6.0 < 6.1.9-lts | 6.1.9-lts |
| juniper_networks | wan_assurance_router | >= 6.2 < 6.2.5-sts | 6.2.5-sts |
Detection & IOCsextracted from sources · hover to see the quote
- →Target devices are Juniper Networks Session Smart Router (SSR) or Session Smart Conductor running in high-availability redundant configurations — only HA/redundant-peer deployments are exploitable ↗
- →Attack vector is network-based with no authentication required; monitor for unexpected administrative access or session takeover on SSR/Conductor management interfaces from external network sources ↗
- →CVE-2024-2973 was actively targeted in attacks shortly after patch release; prioritize detection on internet-exposed SSR/Conductor management planes ↗
- ·Only high-availability (redundant peer) deployments of Session Smart Router or Conductor are vulnerable; standalone (non-HA) deployments are NOT affected ↗
- ·No other Juniper Networks products or platforms are affected by this issue ↗
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv4.010.0CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Red
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Juniper
CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redunda
vendor_juniper·2024-06-27·CVSS 10.0
CVE-2024-2973 [CRITICAL] CWE-288 CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redunda
CVE-2024-2973: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
This issue affects:
Session Smart Router:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
Session Smart Conductor:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
WAN Assurance Router:
* 6.0 versions before 6.1.9-lts,
* 6.2 versions bef
GHSA
GHSA-jcwm-g9h6-hf43: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redunda
ghsa_unreviewed·2024-06-27
CVE-2024-2973 [CRITICAL] CWE-288 GHSA-jcwm-g9h6-hf43: An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redunda
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
This issue affects:
Session Smart Router:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
Session Smart Conductor:
* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.
WAN Assurance Router:
* 6.0 versions before 6.1.9-lts,
* 6.2 versions before 6.2.5-sts.
Suricata
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 - UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767)
suricata·2024-09-23·CVSS 7.4
CVE-2024-20767 [HIGH] ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 - UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767)
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 - UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M1 - UUID Leak Via servermanager.cfc getHeartBeat Method (CVE-2024-20767)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:68; content:"/CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat"; fast_pattern; reference:url,jeva.cc/2973.html; reference:cve,2024-20767; classtype:attempted-admin; sid:2056086; rev:1; metadata:affected_product Adobe_Coldfusion, tls_state TLSDecrypt, created_at 2024_09_23, cve CVE_2024_20767, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact L
Suricata
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 - Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767)
suricata·2024-09-23·CVSS 7.4
CVE-2024-20767 [HIGH] ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 - Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767)
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 - Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M3 - Heap Memory Dump Module Unauthorized Memory Dump Attempt (CVE-2024-20767)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/pms?module=heap_dump&username="; fast_pattern; startswith; pcre:"/^.{0,10}(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; content:"action=take"; endswith; http.request_header; content:"uuid|3a 20|"; nocase; pcre:"/^[a-f0-9]{8}-(?:[a-f0-9]{4}-){3}[a-f0-9]{12}/R"; reference:url,jeva.cc/2973.html; reference:cve,2024-20767; classtype:attempted-admin; sid:2056087; rev:1;
Suricata
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M2 - logging Module Directory Traversal Attempt (CVE-2024-20767)
suricata·2024-05-30·CVSS 7.4
CVE-2024-20767 [HIGH] ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M2 - logging Module Directory Traversal Attempt (CVE-2024-20767)
ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M2 - logging Module Directory Traversal Attempt (CVE-2024-20767)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER Adobe ColdFusion Arbitrary File Read Vulnerability M2 - logging Module Directory Traversal Attempt (CVE-2024-20767)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/pms?module=logging&file_name="; fast_pattern; startswith; pcre:"/^.{0,10}(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; content:"&number_of_lines="; distance:0; http.header; content:"uuid|3a 20|"; nocase; pcre:"/^[a-f0-9]{8}(?:[a-f0-9]{4}-){3}[a-f0-9]{12}/R"; reference:url,jeva.cc/2973.html; reference:url,nvd.nist.gov/vuln/detail/CVE-2024-20767; reference:cve,2024-20767; classtype:attempted-us
No public exploits indexed.
2024-06-27
Published