Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10.

The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an unpatched device.

“Only Routers or Conductors that are running in high-availability redundant configurations are affected by this vulnerability,” the emergency security advisory said.