CVE-2024-2973

Name of the Vulnerable Software and Affected Versions Session Smart Router versions prior to 5.6.15 Session Smart Router versions 6.0 through 6.1.9-lts Session Smart Router versions 6.2 through 6.2.5-sts Session Smart Conductor versions prior to 5.6.15 Session Smart Conductor versions 6.0 through 6.1.9-lts Session Smart Conductor versions 6.2 through 6.2.5-sts WAN Assurance Router versions 6.0 through 6.1.9-lts WAN Assurance Router versions 6.2 through 6.2.5-sts

Description An Authentication Bypass Using an Alternate Path or Channel vulnerability allows a network-based attacker to bypass authentication and take full control of the device. This issue affects routers or conductors running in high-availability redundant configurations.

Recommendations For Session Smart Router versions prior to 5.6.15, update to version 5.6.15 or later. For Session Smart Router versions 6.0 through 6.1.9-lts, update to version 6.1.9-lts or later. For Session Smart Router versions 6.2 through 6.2.5-sts, update to version 6.2.5-sts or later. For Session Smart Conductor versions prior to 5.6.15, update to version 5.6.15 or later. For Session Smart Conductor versions 6.0 through 6.1.9-lts, update to version 6.1.9-lts or later. For Session Smart Conductor versions 6.2 through 6.2.5-sts, update to version 6.2.5-sts or later. For WAN Assurance Router versions 6.0 through 6.1.9-lts, update to version 6.1.9-lts or later. For WAN Assurance Router versions 6.2 through 6.2.5-sts, update to version 6.2.5-sts or later.