Juniper Networks has released an emergency update to address a severe vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

       The security issue is tracked as CVE-2024-2973 and an attacker could exploit it to take full control of the device.

       This issue affects:

      Session Smart Router:

• All versions before 5.6.15, 
• from 6.0 before 6.1.9-lts, 
• from 6.2 before 6.2.5-sts.

      Session Smart Conductor: 

• All versions before 5.6.15, 
• from 6.0 before 6.1.9-lts, 
• from 6.2 before 6.2.5-sts. 

      WAN Assurance Router: 

• 6.0 versions before 6.1.9-lts, 
• 6.2 versions before 6.2.5-sts.

Additional information about vulnerabilities and updates can be found at Juniper Networks security advisory - juniper.net.