CVE-2025-21589
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/01/2026
Última modificación:
27/01/2026
Descripción
*** Pendiente de traducción *** An Authentication Bypass Using an<br />
Alternate Path or Channel vulnerability in Juniper Networks Session Smart<br />
Router may allows a network-based attacker to bypass authentication<br />
and take administrative control of the device.<br />
<br />
This issue affects Session Smart Router: <br />
<br />
<br />
<br />
* from 5.6.7 before 5.6.17, <br />
* from 6.0 before 6.0.8 (affected from 6.0.8),<br />
<br />
* from 6.1 before 6.1.12-lts, <br />
* from 6.2 before 6.2.8-lts, <br />
* from 6.3 before 6.3.3-r2; <br />
<br />
<br />
<br />
<br />
This issue affects Session Smart Conductor: <br />
<br />
<br />
<br />
* from 5.6.7 before 5.6.17, <br />
* from 6.0 before 6.0.8 (affected from 6.0.8),<br />
<br />
* from 6.1 before 6.1.12-lts, <br />
* from 6.2 before 6.2.8-lts, <br />
* from 6.3 before 6.3.3-r2; <br />
<br />
<br />
<br />
<br />
This issue affects WAN Assurance Managed Routers: <br />
<br />
<br />
<br />
* from 5.6.7 before 5.6.17, <br />
* from 6.0 before 6.0.8 (affected from 6.0.8),<br />
<br />
* from 6.1 before 6.1.12-lts, <br />
* from 6.2 before 6.2.8-lts, <br />
* from 6.3 before 6.3.3-r2.
Impacto
Puntuación base 4.0
9.30
Gravedad 4.0
CRÍTICA
Puntuación base 3.x
9.80
Gravedad 3.x
CRÍTICA