{"vulnerability": "CVE-2024-2973", "sightings": [{"uuid": "f4319b31-c311-405c-84ef-56fe7c0dd935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "Telegram/SVY7YPOS_5NW95sWkdrgJ6bPCVxBrcZJmEfzskRYl19xkso", "content": "", "creation_timestamp": "2024-07-01T09:03:31.000000Z"}, {"uuid": "e9646f06-5d41-418f-9043-7399733e881b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29736", "type": "seen", "source": "https://t.me/cvedetector/1208", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29736 - Apache CXF WADL SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29736 \nPublished : July 19, 2024, 9:15 a.m. | 36\u00a0minutes ago \nDescription : A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-19T12:01:50.000000Z"}, {"uuid": "93a0b8e3-2131-49d9-8733-d555a23bd043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29738", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9494", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29738\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In gov_init, there is a possible out of bounds read due to a missing bounds check. 
This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\ud83d\udccf Published: 2024-04-05T20:02:14.922Z\n\ud83d\udccf Modified: 2025-03-28T23:21:46.408Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/pixel/2024-04-01", "creation_timestamp": "2025-03-28T23:29:12.000000Z"}, {"uuid": "6331eb30-1ad1-444e-940f-943830d85fa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29735", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4317", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29735\n\ud83d\udd25 CVSS Score: 5.2 (CVSS_V3)\n\ud83d\udd39 Description: Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3.\n\nAirflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group\u00a0of the folders. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem.\n\nIf your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable.\n\nThis issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( https://hub.docker.com/r/apache/airflow/ ) - those images require to have group write permission set anyway.\n\nYou are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. 
where Airflow components do not share containers with other applications and users.\n\nAlso you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems.\n\nRecommendation for users using Airflow outside of the containers:\n\n  *  if you are using root to run Airflow, change your Airflow user to use non-root\n  *  upgrade Apache Airflow to 2.8.4 or above\n  *  If you prefer not to upgrade, you can change the  https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions \u00a0to 0o755 (original value 0o775).\n  *  if you already ran Airflow tasks before and your default umask is 022 (group write disabled) you should stop Airflow components, check permissions of AIRFLOW_HOME/logs\u00a0in all your components and all parent directories of this directory and remove group write access for all the parent directories\n\ud83d\udccf Published: 2024-03-26T18:32:06Z\n\ud83d\udccf Modified: 2025-02-13T19:04:38Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-29735\n2. https://github.com/apache/airflow/issues/37200\n3. https://github.com/apache/airflow/pull/37310\n4. https://github.com/apache/airflow/commit/aae4a83cdfb3be4afeefd88a7bfa3c4d8d184958\n5. https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#file-task-handler-new-folder-permissions\n6. https://github.com/apache/airflow\n7. https://lists.apache.org/thread/8khb1rtbznh100o325fb8xw5wjvtv536\n8. 
http://www.openwall.com/lists/oss-security/2024/03/26/2", "creation_timestamp": "2025-02-13T19:17:04.000000Z"}, {"uuid": "425e01dd-5c0f-463a-84dc-842158635f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29737", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4350", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-29737\n\ud83d\udd25 CVSS Score: 4.6 (CVSS_V3)\n\ud83d\udd39 Description: In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.\n\nMitigation:\n\nall users should upgrade to 2.1.4\n\nBackground info:\n\nLog in to Streampark using the default username (e.g. test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the \"Build Argument\". Note that there is no verification and interception of the special character \"`\". As a result, you will find that this injection command will be successfully executed after executing the build.\n\nIn the latest version, the special symbol ` is intercepted.\n\ud83d\udccf Published: 2024-07-17T09:30:49Z\n\ud83d\udccf Modified: 2025-02-13T20:22:54Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-29737\n2. https://github.com/apache/streampark\n3. 
https://lists.apache.org/thread/xhx7jt1t24s6d7o435wxng8t0ojfbfh5\n4. http://www.openwall.com/lists/oss-security/2024/07/17/2", "creation_timestamp": "2025-02-13T21:11:14.000000Z"}, {"uuid": "af901ffe-b6ea-487c-8029-e97ebc1a479c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/4014", "content": "\u200aCVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass Vulnerability\n\nhttps://securityonline.info/cve-2024-2973-cvss-10-juniper-session-smart-router-authentication-bypass-vulnerability/", "creation_timestamp": "2024-06-28T16:04:42.000000Z"}, {"uuid": "37a600cc-a4fc-4e42-b7d9-f8a4bc1b98fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29737", "type": "published-proof-of-concept", "source": "https://t.me/cvedetector/1074", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29737 - Streampark Project Module Remote Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29737 \nPublished : July 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low.  \n  \nMitigation:  \n  \nall users should upgrade to 2.1.4  \n  \nBackground info:  \n  \nLog in to Streampark using the default username (e.g. 
test1, test2, test3) and the default password (streampark). Navigate to the Project module, then add a new project. Enter the git repository address of the project and input `touch /tmp/success_2.1.2` as the \"Build Argument\". Note that there is no verification and interception of the special character \"`\". As a result, you will find that this injection command will be successfully executed after executing the build.  \n  \nIn the latest version, the special symbol ` is intercepted. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T12:22:06.000000Z"}, {"uuid": "3284bba5-1c86-4620-92b2-1b46724a8843", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "Telegram/vsBgvOFKQlr2tmNstRSMpQYfXPKjwZaUx8Lsa2fNUE9Qyg", "content": "", "creation_timestamp": "2024-07-01T11:52:12.000000Z"}, {"uuid": "e17d110f-0452-4a0c-8bd7-67b8f2d2ceb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "Telegram/nRxl_v7q2_-wQQSFExsCwwnJqxMyvn0N1HN4b4hyx1PhNQ", "content": "", "creation_timestamp": "2024-07-01T10:23:03.000000Z"}, {"uuid": "dbad24d3-5d91-40bd-8157-1213f69cd603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/13740", "content": "The Hacker News\nJuniper Networks Releases Critical Security Update for Routers\n\nJuniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an 
authentication bypass in some of its routers.\nThe vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.\n\u201cAn Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor", "creation_timestamp": "2024-07-01T11:52:12.000000Z"}, {"uuid": "053be677-28b0-4212-9552-aba654e66f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/2691", "content": "The Hacker News\nJuniper Networks Releases Critical Security Update for Routers\n\nJuniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.\nThe vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.\n\u201cAn Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor", "creation_timestamp": "2024-07-01T11:52:12.000000Z"}, {"uuid": "0d9a78a6-8f76-4f74-80ac-ba986503abd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "Telegram/Ac__eUd8-2PyLDZOEPK4V3uYo8blsMhAhW_rbnZbHV7CxQE", "content": "", "creation_timestamp": "2024-07-01T21:31:15.000000Z"},
{"uuid": "fa7190df-c95e-4005-aa04-3c37be7ff58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/CyberSecurityIL/48512", "content": "Note two new vulnerabilities that were recently published, one in OpenSSH servers and the other in the following Juniper products:\n Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router\n\n1. The vulnerability in OpenSSH is CVE-2024-6387, more details here\n\n2. The vulnerability in Juniper products is CVE-2024-2973, more details here.\n\nBoth vulnerabilities appeared earlier in the vulnerabilities feed and in the critical vulnerabilities feed available to the channel's supporters\n\nhttps://t.me/CyberSecurityIL/5369", "creation_timestamp": "2024-07-03T11:42:07.000000Z"},
{"uuid": "54fa43f1-979f-4641-9876-47602fb7f43c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/true_secator/5917", "content": "Juniper Networks has released an out-of-band fix for a maximum-severity authentication bypass vulnerability in Session Smart Router (SSR), Session Smart Conductor and WAN Assurance Router.\n\nThe issue is tracked as CVE-2024-2973 (CVSS 10.0) and allows an attacker to bypass authentication using an alternate path or channel in Juniper Networks Session Smart Router or Conductor with a redundant node, and to gain full control of the device.\n\nThe vulnerability affects only routers or conductors running in high-availability, redundant configurations.\n\nAdministrators use redundant high-availability configurations where continuity of service is critical. It is necessary for maintaining uninterrupted services and increasing resilience to unforeseen events.\n\nThis makes the vulnerable configuration fairly common in mission-critical network infrastructure, including large enterprise environments, data centers, telecommunications, e-commerce, and government services.\n\nCVE-2024-2973 affects Session Smart Router and Conductor in versions up to 5.6.15, from 6.0 to 6.1.9-lts, from 6.2 to 6.2.5-sts, as well as WAN Assurance Router 6.0 to 6.1.9-lts, 6.2 to 6.2.5-sts.\n\nNo workarounds exist for this vulnerability, and the recommended actions are limited to applying the available fixes.", "creation_timestamp": "2024-07-01T11:36:30.000000Z"},
{"uuid": "169703e4-802f-44e1-9538-0e5f02304a70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/xakep_ru/16038", "content": "Juniper urgently patches authentication bypass vulnerability\n\nJuniper Networks has released an emergency update to fix the critical vulnerability CVE-2024-2973 (10 out of 10 on the CVSS scale), which leads to an authentication bypass in the Session Smart Router (SSR), Session Smart Conductor and WAN Assurance Router products.\n\nhttps://xakep.ru/2024/07/01/juniper-auth-bypass/", "creation_timestamp": "2024-07-01T16:35:24.000000Z"},
{"uuid": "d59652ba-0809-489a-af3b-aaad6553761c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/KomunitiSiber/2186", "content": "Juniper Networks Releases Critical Security Update for Routers\nhttps://thehackernews.com/2024/07/juniper-networks-releases-critical.html\n\nJuniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.\nThe vulnerability, tracked as 
CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.\n\u201cAn Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor", "creation_timestamp": "2024-07-01T08:56:31.000000Z"}, {"uuid": "18d611d3-e759-4afb-b6bf-dbf6f63b82e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "Telegram/emkk85D-h4yecD2SdTv-ji-ulborzSYKqWklqHtGn2Orxk0", "content": "", "creation_timestamp": "2024-07-01T18:10:28.000000Z"}, {"uuid": "1fbb84ad-84d1-4b35-964d-fa48c8d58de2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2973", "type": "seen", "source": "https://t.me/thehackernews/5191", "content": "\ud83d\udea8 Critical Alert for Network Admins! \n \nJuniper Networks just dropped an urgent security patch. \n \n\u279f CVE-2024-2973: Authentication bypass flaw \n\u279f CVSS score: 10.0 \n\u279f Affects Session Smart Router & Conductor in HA configs \n \nRead: https://thehackernews.com/2024/07/juniper-networks-releases-critical.html", "creation_timestamp": "2024-07-01T08:28:03.000000Z"}]}