CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects Session Smart Conductor:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects WAN Assurance Managed Routers:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2.

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects Session Smart Conductor:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects WAN Assurance Managed Routers:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2.

Una vulnerabilidad de omisión de autenticación usando una ruta o canal alternativo en el router Session Smart de Juniper Networks puede permitir a un atacante basado en la red omitir la autenticación y tomar el control administrativo del dispositivo. Este problema afecta al Router Session Smart: * desde 5.6.7 antes de 5.6.17, * desde 6.0 antes de 6.0.8 (afectado desde 6.0.8), * desde 6.1 antes de 6.1.12-lts, * desde 6.2 antes de 6.2.8-lts, * desde 6.3 antes de 6.3.3-r2; Este problema afecta al Conductor Session Smart: * desde 5.6.7 antes de 5.6.17, * desde 6.0 antes de 6.0.8 (afectado desde 6.0.8), * desde 6.1 antes de 6.1.12-lts, * desde 6.2 antes de 6.2.8-lts, * desde 6.3 antes de 6.3.3-r2; Este problema afecta a los Routers Gestionados de WAN Assurance: * desde 5.6.7 antes de 5.6.17, * desde 6.0 antes de 6.0.8 (afectado desde 6.0.8), * desde 6.1 antes de 6.1.12-lts, * desde 6.2 antes de 6.2.8-lts, * desde 6.3 antes de 6.3.3-r2.