1.0 Introduction
Recently, Juniper Networks has released a security advisory to address a critical vulnerability in multiple Juniper Networks devices.
2.0 Impact
This vulnerability potentially allowing an attacker to bypass authentication and gain administrative control over affected devices.
3.0 Affected Products
- Session Smart Router: Versions 5.6.7 before 5.6.17, 6.0.8, 6.1 before 6.1.12-lts, 6.2 before 6.2.8-lts, 6.3 before 6.3.3-r2
- Session Smart Conductor: Versions 5.6.7 before 5.6.17, 6.0.8, 6.1 before 6.1.12-lts, 6.2 before 6.2.8-lts, 6.3 before 6.3.3-r2
- WAN Assurance Managed Routers: Versions 5.6.7 before 5.6.17, 6.0.8, 6.1 before 6.1.12-lts, 6.2 before 6.2.8-lts, 6.3 before 6.3.3-r2
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Juniper Advisory and apply the necessary updates.
Kindly refer to the following URL for more information: https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
Generally, we advise the users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Team through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.mycert.org.my
5.0 References