How to find Juniper Network assets on your network

|
Updated

Session Smart Router and Conductor software vulnerability #

In February 2025, Juniper Networks disclosed a vulnerability in their Session Smart Router and Conductor software, previously known as 128T Networking Platform.

The issue, identified as CVE-2025-21589, could allow remote attackers to bypass authentication and take administrative control of a vulnerable system.

This vulnerability has a CVSS score of 9.8 out of 10, indicating that this is a critical vulnerability. According to the security bulletin, Juniper Networks is not aware of any active exploitation of this vulnerability.

The affected versions are:

  • 5.6.7 up to 5.6.17 
  • 6.0.8
  • 6.1 up to 6.1.12-lts
  • 6.2 up to 6.2.8-lts
  • 6.3 up to 6.3.3-r2

Are updates or workarounds available? #

Juniper has released a software update to address this vulnerability. This update available through their support portal and other update distribution mechanisms. In Conductor-managed deployments, updating the Conductor nodes is sufficient. The patch will be applied to all connected routers.

How do I find potentially vulnerable systems with runZero? #

From the Service Inventory, use the following query to locate assets that may be running the vulnerable operating system in your network:

_asset.protocol:http protocol:http _service.last.html.title:="128T Networking Platform"

January 2024: Juniper SRX firewalls and EX switches #

On January 12th, 2024, Juniper Networks disclosed a serious vulnerability in Juniper SRX firewalls and EX switches.

The issue, identified as CVE-2024-21591, allowed remote attackers to create a denial-of-service (DoS) condition or to execute arbitrary code with root privileges on vulnerable devices.

This vulnerability has a CVSS score of 9.8 out of 10, indicating this as a critical vulnerability. According to their disclosure, Juniper Networks was not aware of any active exploitation of this vulnerability.

What was the impact? #

Upon successful exploitation of these vulnerabilities, attackers could execute arbitrary code on the vulnerable system with root privileges. In general, this meant that a successful attack would result in complete system compromise.

Were updates or workarounds available? #

Juniper released a software update to address this vulnerability. This update was available through their support portal and other update distribution mechanisms.

How to find Juniper SRX firewalls and EX switches with runZero #

From the Asset Inventory, use the following query to locate assets that may be running the vulnerable operating system in your network:

hw:"Juniper EX" OR hw:"Juniper SRX"

Written by runZero Team

Great research and development is a team effort! Multiple runZero team members collaborated on this post. Go team!

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.

Discover the new era of exposure management!