Juniper Session Smart Router: Security leak enables takeover

Juniper has issued an out-of-band warning about a critical vulnerability in its Session Smart Router. Attackers can take over the devices.

(Image: Burglar wants to open a back door in a network device. Created with AI in Bing Designer by heise online / dmk)


Attackers can abuse security vulnerabilities in Juniper's Session Smart Router, Session Smart Conductor and WAN Assurance Router. It is possible to take over vulnerable devices.

Juniper has therefore published a security advisory outside its regular patch cycle. In it, the manufacturer warns that this is a critical vulnerability. According to the advisory, network-based attackers can bypass authentication and take administrative control of the devices, because the firmware contains an “authentication bypass using an alternate path or channel” vulnerability (CVE-2025-21589, CVSS 9.8, risk “critical”).

Juniper's Session Smart Router, Session Smart Conductor and WAN Assurance Managed Router are affected in versions 5.6.7 up to (but not including) 5.6.17, 6.0.8, 6.1 up to (but not including) 6.1.12-lts, 6.2 up to (but not including) 6.2.8-lts and 6.3 up to (but not including) 6.3.3-r2. The Session Smart Router releases SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts and SSR-6.3.3-r2 close the security holes.


In environments managed by Conductor, updating the Conductor nodes should be sufficient; the updates are then automatically distributed to the connected routers. WAN Assurance Managed Routers connected to the Mist Cloud are also said to have been updated automatically. Nevertheless, admins should check whether the devices have actually reached the above-mentioned or newer versions and update them if necessary.
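As an added example (not part of the article and not Juniper tooling), a small Python check that compares a device's reported SSR version string against the affected and fixed ranges listed above; the version-string format, the function names and the sample inventory are assumptions of this example:

```python
import re

# Affected ranges and fixed releases for CVE-2025-21589, as stated in the
# advisory summarised above. Branch -> (first affected, first fixed).
BRANCHES = {
    (5, 6): ((5, 6, 7, 0), (5, 6, 17, 0)),
    (6, 1): ((6, 1, 0, 0), (6, 1, 12, 0)),   # fixed in 6.1.12-lts
    (6, 2): ((6, 2, 0, 0), (6, 2, 8, 0)),    # fixed in 6.2.8-lts
    (6, 3): ((6, 3, 0, 0), (6, 3, 3, 2)),    # fixed in 6.3.3-r2
}
AFFECTED_EXACT = {(6, 0, 8, 0)}  # 6.0.8 is listed on its own

def parse_version(text):
    """Turn 'SSR-6.3.3-r2' or '6.1.12-lts' into (major, minor, patch, respin).

    '-lts' only marks the branch and does not affect ordering; '-rN' is a
    respin that sorts after the plain release (6.3.3 < 6.3.3-r2).
    Version-string shape is an assumption of this example.
    """
    m = re.fullmatch(r"(?:SSR-)?(\d+)\.(\d+)(?:\.(\d+))?((?:-(?:lts|r\d+))*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    respin = 0
    for tag in m.group(4).split("-"):
        if tag.startswith("r"):
            respin = int(tag[1:])
    return (major, minor, patch, respin)

def is_vulnerable(text):
    """True if the version falls inside an affected range of the advisory.
    Versions outside the listed ranges are reported as not affected; confirm
    unlisted branches against the advisory itself."""
    v = parse_version(text)
    if v in AFFECTED_EXACT:
        return True
    rng = BRANCHES.get(v[:2])
    return rng is not None and rng[0] <= v < rng[1]

def outdated_devices(inventory):
    """Return (name, version) pairs from a {name: version} map that still need the update."""
    return [(name, ver) for name, ver in inventory.items() if is_vulnerable(ver)]

# Constructed sample inventory (hypothetical hosts, not real devices).
SAMPLE_INVENTORY = {
    "conductor-1": "SSR-6.3.3-r2",
    "branch-router-a": "6.3.3",
    "branch-router-b": "6.1.12-lts",
    "legacy-router": "5.6.9",
}

if __name__ == "__main__":
    for name, ver in outdated_devices(SAMPLE_INVENTORY):
        print(f"{name}: {ver} is affected by CVE-2025-21589, update required")
```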

Juniper does not mention any temporary workarounds that would mitigate the effects of the vulnerability. The vulnerability was found internally, and Juniper is not aware of any attacks exploiting it.

At the end of January, IT security researchers examined Juniper routers that had previously been compromised in attacks. The perpetrators had installed customized backdoors that listened for specific Magic Packets before becoming active. Cyber criminals are therefore clearly interested in Juniper devices, which is why IT managers should apply the security updates promptly.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.