CVE-2025-21589

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects Session Smart Conductor:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects WAN Assurance Managed Routers:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2.

CVSS breakdown

Affected products

• Juniper Networks / Session Smart Conductor5.6.7 – 5.6.17
• Juniper Networks / Session Smart Conductor6.0 – 6.0.8
• Juniper Networks / Session Smart Conductor6.1 – 6.1.12-lts
• Juniper Networks / Session Smart Conductor6.2 – 6.2.8-lts
• Juniper Networks / Session Smart Conductor6.3 – 6.3.3-r2
• Juniper Networks / Session Smart Router5.6.7 – 5.6.17
• Juniper Networks / Session Smart Router6.0 – 6.0.8
• Juniper Networks / Session Smart Router6.1 – 6.1.12-lts
• Juniper Networks / Session Smart Router6.2 – 6.2.8-lts
• Juniper Networks / Session Smart Router6.3 – 6.3.3-r2
• Juniper Networks / WAN Assurance Managed Router5.6.7 – 5.6.17
• Juniper Networks / WAN Assurance Managed Router6.0 – 6.0.8
• Juniper Networks / WAN Assurance Managed Router6.1 – 6.1.12-lts
• Juniper Networks / WAN Assurance Managed Router6.2 – 6.2.8-lts
• Juniper Networks / WAN Assurance Managed Router6.3 – 6.3.3-r2

References

• MISChttps://supportportal.juniper.net/
• MISChttps://support.juniper.net/support/eol/software/ssr/
• MISChttps://kb.juniper.net/JSA94663