发布日期：2026-01-27
更新日期：2026-04-20

受影响系统：

Juniper Networks Session Smart Router > 6.3 < 6.3.3-r2
Juniper Networks Session Smart Router > 6.2 < 6.2.8-lts
Juniper Networks Session Smart Router > 6.1 < 6.1.12-lts
Juniper Networks Session Smart Router > 6.0 < 6.0.8
Juniper Networks Session Smart Router > 5.6.7 < 5.6.17
Juniper Networks Session Smart Conductor > 6.3 < 6.3.3-r2
Juniper Networks Session Smart Conductor > 6.2 < 6.2.8-lts
Juniper Networks Session Smart Conductor > 6.1 < 6.1.12-lts
Juniper Networks Session Smart Conductor > 6.0 < 6.0.8
Juniper Networks Session Smart Conductor > 5.6.7 < 5.6.17
Juniper Networks WAN Assurance Managed Routers > 6.3 < 6.3.3-r2
Juniper Networks WAN Assurance Managed Routers > 6.2 < 6.2.8-lts
Juniper Networks WAN Assurance Managed Routers > 6.1 < 6.1.12-lts
Juniper Networks WAN Assurance Managed Routers > 6.0 < 6.0.8
Juniper Networks WAN Assurance Managed Routers > 5.6.7 < 5.6.17

描述：

---

CVE(CAN) ID: CVE-2025-21589

Juniper Networks Session Smart Conductor等都是美国瞻博网络（Juniper Networks）公司的产品；Juniper Networks Session Smart Conductor是一个广域网架构的集中管理和控制平台，Juniper Networks Session Smart Router是一个基于软件的智能网络技术，Juniper Networks WAN Assurance Managed Router是一个智能化网络管理平台。
Juniper Networks多款产品存在身份验证绕过漏洞，攻击者可利用该漏洞获取管理用户权限。

<**>

建议：

---

厂商补丁：

Juniper Networks
----------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589

浏览次数：71
严重程度：0（网友投票）