VDB
CVE-2024-2973
CVE-2024-2973
PUBLISHED
CVSS 10 CRITICAL
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
EPSS 0.02% · 7.0th percentile
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.02%
7.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper Networks | Session Smart Conductor | 0, 6.2, 6.0 |
| Juniper Networks | WAN Assurance Router | 6.0, 6.2, 6.0 |
| Juniper Networks | N/A | |
| juniper | wan_assurance_router | 6.2, 6.0, 6.2 |
| Juniper Networks | Session Smart Router | 6.2, 6.2, 6.0 |
| juniper | session_smart_conductor | 0, 6.2, 6.0 |
| juniper | session_smart_router | 0, 6.2, 6.0 |
Timeline
- Jun 27, 2024 CVE Published
- Jun 28, 2024 EPSS Score
- Jun 28, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
- Jul 1, 2024 PoC Published
References
- https://supportportal.juniper.net/JSA83126 vendor-advisory
- https://support.juniper.net/support/eol/software/ssr/ url
- https://nvd.nist.gov/vuln/detail/CVE-2024-2973 advisory
- https://support.juniper.net/support/eol/software/ssr url
- https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973 advisory