CNNVD-202601-4453 Information

Jan 27, 2026 cve

CNNVD ID

CNNVD-202601-4453

CVE-2025-21589

  • CNNVD Published: 2026-01-27

Description (Chinese)

Juniper Networks Session Smart Conductor等都是美国瞻博网络(Juniper Networks)公司的产品。Juniper Networks Session Smart Conductor是一个广域网架构的集中管理和控制平台。Juniper Networks Session Smart Router是一个基于软件的智能网络技术。Juniper Networks WAN Assurance Managed Router是一个智能化网络管理平台。 Juniper Networks多款产品存在安全漏洞,该漏洞源于身份验证绕过,可能导致网络攻击者绕过身份验证并获取设备管理控制权。以下产品及版本受到影响:Session Smart Router 5.6.7至5.6.17之前版本、6.0至6.0.8之前版本、6.1至6.1.12-lts之前版本、6.2至6.2.8-lts之前版本和6.3至6.3.3-r2之前版本,Session Smart Conductor 5.6.7至5.6.17之前版本、6.0至6.0.8之前版本、6.1至6.1.12-lts之前版本、6.2至6.2.8-lts之前版本和6.3至6.3.3-r2之前版本,以及WAN Assurance Managed Routers 5.6.7至5.6.17之前版本、6.0至6.0.8之前版本、6.1至6.1.12-lts之前版本、6.2至6.2.8-lts之前版本和6.3至6.3.3-r2之前版本。

Description (English)

Juniper Networks Society Smart Contractors and others are products of Juniper Networks. Junior Networks Session Smart Contractor is a centralized management and control platform for the wide-area network architecture. Junior Networks Session Smart Router is a software-based smart network technology. Junior Networkswan Assurance Managed Router is an intelligent web management platform. There is a safety gap in a number of Juniper Networks products, which stems from the circumvention of identification, which may lead cyber-attackors to bypass identification and gain control over equipment management. The following products and versions were affected: previous versions 5.6.7 to 5.6.17, pre versions 6.0 to 6.0.8, pre versions 6.1 to 6.1.12-lts, pre versions 6.2 to 6.2.8-lts and pre-versions 6.3 to 6.3.3-r2, pre-versions 5.6.7 to 5.6.17, pre versions 6.0 to 6.0.8, pre-versions 6.1 to 6.1.12-lts, pre-versions 6.2 to 6.2.8-lts and pre-versions 6.3 to 6.3.3-r2, and pre-versions 5.67 to 5.6.17, pre-versions 6.0 to 6.6.8, pre-versions 6.1 to 6.1.12-lts, pre-versions 6.2-2.8 and pre-versions 6.3-3.3-r2.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

瞻博网络

Published

2026-01-27

Last Modified

2026-02-24

References

https://kb.juniper.net/JSA94663 https://support.juniper.net/support/eol/software/ssr/ https://supportportal.juniper.net/

Patch

https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589

Share on: