CVE-2025-21589
BaseFortify
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Juniper Networks, Inc.
Description
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device.
This issue affects Session Smart Router:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2;
This issue affects Session Smart Conductor:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2;
This issue affects WAN Assurance Managed Routers:
* from 5.6.7 before 5.6.17,
* from 6.0 before 6.0.8 (affected from 6.0.8),
* from 6.1 before 6.1.12-lts,
* from 6.2 before 6.2.8-lts,
* from 6.3 before 6.3.3-r2.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper_networks | session_smart_router | From 5.6.7 (inc) to 5.6.17 (exc) |
| juniper_networks | session_smart_router | From 6.0 (inc) to 6.0.8 (exc) |
| juniper_networks | session_smart_router | From 6.1 (inc) to 6.1.12-lts (exc) |
| juniper_networks | session_smart_router | From 6.2 (inc) to 6.2.8-lts (exc) |
| juniper_networks | session_smart_router | From 6.3 (inc) to 6.3.3-r2 (exc) |
| juniper_networks | session_smart_conductor | From 5.6.7 (inc) to 5.6.17 (exc) |
| juniper_networks | session_smart_conductor | From 6.0 (inc) to 6.0.8 (exc) |
| juniper_networks | session_smart_conductor | From 6.1 (inc) to 6.1.12-lts (exc) |
| juniper_networks | session_smart_conductor | From 6.2 (inc) to 6.2.8-lts (exc) |
| juniper_networks | session_smart_conductor | From 6.3 (inc) to 6.3.3-r2 (exc) |
| juniper_networks | wan_assurance_managed_routers | From 5.6.7 (inc) to 5.6.17 (exc) |
| juniper_networks | wan_assurance_managed_routers | From 6.0 (inc) to 6.0.8 (exc) |
| juniper_networks | wan_assurance_managed_routers | From 6.1 (inc) to 6.1.12-lts (exc) |
| juniper_networks | wan_assurance_managed_routers | From 6.2 (inc) to 6.2.8-lts (exc) |
| juniper_networks | wan_assurance_managed_routers | From 6.3 (inc) to 6.3.3-r2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |