An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue affects:

Session Smart Router:

* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.

Session Smart Conductor:

* All versions before 5.6.15,
* from 6.0 before 6.1.9-lts,
* from 6.2 before 6.2.5-sts.

WAN Assurance Router:

* 6.0 versions before 6.1.9-lts,
* 6.2 versions before 6.2.5-sts.

Related CVEs

CVE-2024-2973

Key Information

GHSA ID

GHSA-jcwm-g9h6-hf43

Published

June 27, 2024 9:32 PM

Last Modified

June 27, 2024 9:32 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.