Vulnerability-Lookup

CVE-2025-59969 (GCVE-0-2025-59969)

Vulnerability from cvelistv5 – Published: 2026-04-09 21:25 – Updated: 2026-04-09 21:25

Title

Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart

Summary

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart. Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition. This issue affects Junos OS Evolved PTX Series: * All versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R2-EVO. This issue affects Junos OS Evolved on QFX5000 Series: * 22.2-EVO version before 22.2R3-S7-EVO, * 22.4-EVO version before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S5-EVO, * 24.2-EVO versions before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA103159

vendor-advisory

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS Evolved

Affected: 0 , < 22.4R3-S8-EVO (semver)
Affected: 23.2 , < 23.2R2-S5-EVO (semver)
Affected: 23.4 , < 23.4R2-EVO (semver)
Affected: 24.2 , < 24.2R2-EVO (semver)
Affected: 24.4 , < 24.4R2-EVO (semver)

Juniper Networks

Junos OS Evolved

Affected: 22.2 , < 22.2R3-S7-EVO (semver)
Affected: 22.4 , < 22.4R3-S7-EVO (semver)
Affected: 23.2 , < 23.2R2-S4-EVO (semver)
Affected: 23.4 , < 23.4R2-S5-EVO (semver)
Affected: 24.2 , < 24.2R2-S1-EVO (semver)
Affected: 24.4 , < 24.4R1-S3-EVO, 24.4R2-EVO (semver)

Date Public ?

2026-04-08 16:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "evo-aftmand"
          ],
          "platforms": [
            "PTX Series"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "evo-pfemand"
          ],
          "platforms": [
            "QFX5000 Series"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.2R3-S7-EVO",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7-EVO",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S5-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S1-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S3-EVO, 24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRequired Configuration for Exposure:\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003ctt\u003e\u0026nbsp; [ protocols mld ]\u003cbr\u003e\u003c/tt\u003eor\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ protocols pim ]\u003cbr\u003e\u003c/tt\u003e"
            }
          ],
          "value": "Required Configuration for Exposure:\u00a0\n\n\u00a0 [ protocols mld ]\nor\n\u00a0 [ protocols pim ]"
        }
      ],
      "datePublic": "2026-04-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in the advanced forwarding toolkit (evo-aftmand/\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eevo-pfemand\u003c/span\u003e) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\u003cp\u003eAn attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u0026nbsp;\u003cspan style=\"background-color: rgba(255, 255, 255, 0.85);\"\u003eContinued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved PTX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-EVO,\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO,\u003c/li\u003e\u003cli\u003efrom 24.4 before\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.4R2-EVO.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved on QFX5000 Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e22.2-EVO version before 22.2R3-S7-EVO,\u003c/li\u003e\u003cli\u003e22.4-EVO version before 22.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R2-S5-EVO, \u003c/li\u003e\u003cli\u003e24.2-EVO versions before 24.2R2-S1-EVO,\u003c/li\u003e\u003cli\u003e24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u00a0Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\n\nThis issue affects Junos OS Evolved PTX Series:\n\n\n\n  *  All versions before 22.4R3-S8-EVO,\n  *  from 23.2 before 23.2R2-S5-EVO,\n  *  from 23.4 before 23.4R2-EVO,\n  *  from 24.2 before 24.2R2-EVO,\n  *  from 24.4 before\u00a024.4R2-EVO.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  22.2-EVO version before 22.2R3-S7-EVO,\n  *  22.4-EVO version before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO, \n  *  24.2-EVO versions before 24.2R2-S1-EVO,\n  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T21:25:32.594Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103159"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eFor PTX Series: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\u003cbr\u003eFor QFX5000 Series: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nFor PTX Series: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\nFor QFX5000 Series: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103159",
        "defect": [
          "1808638",
          "1869606"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-14T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue.\u003cbr\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-59969",
    "datePublished": "2026-04-09T21:25:32.594Z",
    "dateReserved": "2025-09-23T18:19:06.955Z",
    "dateUpdated": "2026-04-09T21:25:32.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59969\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2026-04-09T22:16:24.100\",\"lastModified\":\"2026-04-09T22:16:24.100\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u00a0Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\\n\\nThis issue affects Junos OS Evolved PTX Series:\\n\\n\\n\\n  *  All versions before 22.4R3-S8-EVO,\\n  *  from 23.2 before 23.2R2-S5-EVO,\\n  *  from 23.4 before 23.4R2-EVO,\\n  *  from 24.2 before 24.2R2-EVO,\\n  *  from 24.4 before\u00a024.4R2-EVO.\\n\\n\\n\\n\\nThis issue affects Junos OS Evolved on QFX5000 Series:\\n\\n\\n\\n  *  22.2-EVO version before 22.2R3-S7-EVO,\\n  *  22.4-EVO version before 22.4R3-S7-EVO,\\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\\n  *  23.4-EVO versions before 23.4R2-S5-EVO, \\n  *  24.2-EVO versions before 24.2R2-S1-EVO,\\n  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\\n\\n\\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA103159\",\"source\":\"sirt@juniper.net\"}]}}"
  }
}

FKIE_CVE-2025-59969

Vulnerability from fkie_nvd - Published: 2026-04-09 22:16 - Updated: 2026-04-09 22:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://kb.juniper.net/JSA103159

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u00a0Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\n\nThis issue affects Junos OS Evolved PTX Series:\n\n\n\n  *  All versions before 22.4R3-S8-EVO,\n  *  from 23.2 before 23.2R2-S5-EVO,\n  *  from 23.4 before 23.4R2-EVO,\n  *  from 24.2 before 24.2R2-EVO,\n  *  from 24.4 before\u00a024.4R2-EVO.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  22.2-EVO version before 22.2R3-S7-EVO,\n  *  22.4-EVO version before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO, \n  *  24.2-EVO versions before 24.2R2-S1-EVO,\n  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO."
    }
  ],
  "id": "CVE-2025-59969",
  "lastModified": "2026-04-09T22:16:24.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "CONCENTRATED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-09T22:16:24.100",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://kb.juniper.net/JSA103159"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2026-1022

Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-04-09 22:00

Summary

Juniper Patchday April 2026: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs. JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. Die Juniper MX-Serie ist eine Produktfamilie von Routern. SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper. Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen – sogar Root-Rechte – zu erlangen, beliebigen Code auszuführen – auch mit erweiterten Berechtigungen –, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder Daten zu manipulieren.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2022-24805

CVE-2025-30650

CVE-2025-59969

CVE-2026-21915

CVE-2026-21916

CVE-2026-21919

CVE-2026-33771

CVE-2026-33773

CVE-2026-33774

CVE-2026-33775

CVE-2026-33776

CVE-2026-33778

CVE-2026-33779

CVE-2026-33780

CVE-2026-33781

CVE-2026-33782

CVE-2026-33783

CVE-2026-33784

CVE-2026-33785

CVE-2026-33786

CVE-2026-33787

CVE-2026-33788

CVE-2026-33790

CVE-2026-33791

CVE-2026-33793

CVE-2026-33797

CVE-2026-21904

CVE-2025-13914

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://supportportal.juniper.net/s/global-search…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external
	https://supportportal.juniper.net/s/article/2026-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs.\r\nJUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nJunos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen \u2013 sogar Root-Rechte \u2013 zu erlangen, beliebigen Code auszuf\u00fchren \u2013 auch mit erweiterten Berechtigungen \u2013, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1022 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1022.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1022 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1022"
      },
      {
        "category": "external",
        "summary": "Juniper Patchday April 2026 vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=100"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Apstra: SSH host key validation vulnerability for managed devices (CVE-2025-13914) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - CTP OS: Configuring password requirements does not work which permits the use of weak passwords (CVE-2026-33771) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root (CVE-2026-21915) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-JSI-Virtual-Lightweight-Collector-Shell-escape-allows-privilege-escalation-to-root-CVE-2026-21915"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting netconf sessions causes management unavailability (CVE-2026-21919) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset (CVE-2026-33797) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: CVE-2022-24805 resolved in net-SNMP vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root (CVE-2026-33791) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald (CVE-2026-33780) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information (CVE-2026-33776) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system (CVE-2026-33793) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-an-unsigned-Python-op-script-configuration-is-present-a-local-low-privileged-user-can-compromise-the-system-CVE-2026-33793"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: Local, authenticated attackers can gain access to FPCs (CVE-2026-33788) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftman crashes (CVE-2026-33783) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart (CVE-2025-59969) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-and-PTX-Series-An-attacker-sending-crafted-multicast-packets-will-cause-evo-aftmand-evo-pfemand-to-crash-and-restart-CVE-2025-59969"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: A low privileged user can escalate their privileges so that they can login as root (CVE-2026-21916) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied (CVE-2026-33773) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed (CVE-2026-33781) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Firewall filters on lo0. in the default routing instance are not in effect (CVE-2026-33774) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts (CVE-2026-33782) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd (CVE-2026-33775) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: MX Series: Missing Authorization for specific \u0027request\u0027 CLI commands in a JDM/CSDS scenario (CVE-2026-33785) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: Privileged local user can gain access to a Linux-based FPC as root (CVE-2025-30650) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes (CVE-2026-33778) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart. (CVE-2026-33790) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication (CVE-2026-33779) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed chassisd crashes (CVE-2026-33787) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd crashes (CVE-2026-33786) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection (CVE-2026-21904) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-Space-ilpFilter-field-on-nLegacy-jsp-is-vulnerable-to-reflected-cross-site-script-injection-CVE-2026-21904"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin - vLWC: Default password is not required to be changed which allows unauthorized high-privileged access (CVE-2026-33784) vom 2026-04-08",
        "url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Patchday April 2026: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-04-09T22:00:00.000+00:00",
      "generator": {
        "date": "2026-04-10T07:05:13.126+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1022",
      "initial_release_date": "2026-04-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-21088, EUVD-2026-21086, EUVD-2026-21091, EUVD-2026-21090, EUVD-2026-21085, EUVD-2026-21092, EUVD-2026-21080, EUVD-2026-21082, EUVD-2026-21078, EUVD-2026-21077, EUVD-2025-209396, EUVD-2026-21095, EUVD-2026-21206, EUVD-2026-21205, EUVD-2026-21204, EUVD-2026-21203, EUVD-2026-21201, EUVD-2026-21199, EUVD-2026-21197, EUVD-2026-21196, EUVD-2026-21195, EUVD-2025-209397, EUVD-2026-21093, EUVD-2026-21207, EUVD-2026-21193, EUVD-2026-21208"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.1.1",
                "product": {
                  "name": "Juniper Apstra \u003c6.1.1",
                  "product_id": "T052563"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.1",
                "product": {
                  "name": "Juniper Apstra 6.1.1",
                  "product_id": "T052563-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:apstra:6.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Apstra"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "OS",
                "product": {
                  "name": "Juniper JUNOS OS",
                  "product_id": "T052565",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS Evolved",
                "product": {
                  "name": "Juniper JUNOS OS Evolved",
                  "product_id": "T052566",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_evolved"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R5 Patch V3",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R5 Patch V3",
                  "product_id": "T052571"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R5 Patch V3",
                "product": {
                  "name": "Juniper Junos Space 24.1R5 Patch V3",
                  "product_id": "T052571-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r5_patch_v3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          },
          {
            "category": "product_name",
            "name": "Juniper MX Series",
            "product": {
              "name": "Juniper MX Series",
              "product_id": "T052568",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:mx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper QFX Series",
            "product": {
              "name": "Juniper QFX Series",
              "product_id": "T052567",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:qfx:os_evolved"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper SRX Series",
            "product": {
              "name": "Juniper SRX Series",
              "product_id": "T052569",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:srx_service_gateways:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-24805",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2022-24805"
    },
    {
      "cve": "CVE-2025-30650",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-30650"
    },
    {
      "cve": "CVE-2025-59969",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-59969"
    },
    {
      "cve": "CVE-2026-21915",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21915"
    },
    {
      "cve": "CVE-2026-21916",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21916"
    },
    {
      "cve": "CVE-2026-21919",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21919"
    },
    {
      "cve": "CVE-2026-33771",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33771"
    },
    {
      "cve": "CVE-2026-33773",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33773"
    },
    {
      "cve": "CVE-2026-33774",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33774"
    },
    {
      "cve": "CVE-2026-33775",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33775"
    },
    {
      "cve": "CVE-2026-33776",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33776"
    },
    {
      "cve": "CVE-2026-33778",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33778"
    },
    {
      "cve": "CVE-2026-33779",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33779"
    },
    {
      "cve": "CVE-2026-33780",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33780"
    },
    {
      "cve": "CVE-2026-33781",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33781"
    },
    {
      "cve": "CVE-2026-33782",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33782"
    },
    {
      "cve": "CVE-2026-33783",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33783"
    },
    {
      "cve": "CVE-2026-33784",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33784"
    },
    {
      "cve": "CVE-2026-33785",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33785"
    },
    {
      "cve": "CVE-2026-33786",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33786"
    },
    {
      "cve": "CVE-2026-33787",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33787"
    },
    {
      "cve": "CVE-2026-33788",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33788"
    },
    {
      "cve": "CVE-2026-33790",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33790"
    },
    {
      "cve": "CVE-2026-33791",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33791"
    },
    {
      "cve": "CVE-2026-33793",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33793"
    },
    {
      "cve": "CVE-2026-33797",
      "product_status": {
        "known_affected": [
          "T052568",
          "T052569",
          "T052566",
          "T052567",
          "T052565"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-33797"
    },
    {
      "cve": "CVE-2026-21904",
      "product_status": {
        "known_affected": [
          "T052571"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2026-21904"
    },
    {
      "cve": "CVE-2025-13914",
      "product_status": {
        "known_affected": [
          "T052563"
        ]
      },
      "release_date": "2026-04-08T22:00:00.000+00:00",
      "title": "CVE-2025-13914"
    }
  ]
}

GHSA-QR7G-RJ69-5948

Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30

Details

This issue affects Junos OS Evolved PTX Series:

All versions before 22.4R3-S8-EVO,
from 23.2 before 23.2R2-S5-EVO,
from 23.4 before 23.4R2-EVO,
from 24.2 before 24.2R2-EVO,
from 24.4 before 24.4R2-EVO.

This issue affects Junos OS Evolved on QFX5000 Series:

22.2-EVO version before 22.2R3-S7-EVO,
22.4-EVO version before 22.4R3-S7-EVO,
23.2-EVO versions before 23.2R2-S4-EVO,
23.4-EVO versions before 23.4R2-S5-EVO,
24.2-EVO versions before 24.2R2-S1-EVO,
24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-59969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-09T22:16:24Z",
    "severity": "HIGH"
  },
  "details": "A Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u00a0Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\n\nThis issue affects Junos OS Evolved PTX Series:\n\n\n\n  *  All versions before 22.4R3-S8-EVO,\n  *  from 23.2 before 23.2R2-S5-EVO,\n  *  from 23.4 before 23.4R2-EVO,\n  *  from 24.2 before 24.2R2-EVO,\n  *  from 24.4 before\u00a024.4R2-EVO.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n  *  22.2-EVO version before 22.2R3-S7-EVO,\n  *  22.4-EVO version before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S5-EVO, \n  *  24.2-EVO versions before 24.2R2-S1-EVO,\n  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.",
  "id": "GHSA-qr7g-rj69-5948",
  "modified": "2026-04-10T00:30:29Z",
  "published": "2026-04-10T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59969"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA103159"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59969 (GCVE-0-2025-59969)

FKIE_CVE-2025-59969

WID-SEC-W-2026-1022

GHSA-QR7G-RJ69-5948

Tags

Sightings

Nomenclature