Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-33773 (GCVE-0-2026-33773)
Vulnerability from cvelistv5 – Published: 2026-04-09 21:28 – Updated: 2026-04-13 18:06
VLAI?
EPSS
Title
Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied
Summary
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.
This issue affects Junos OS on EX Series and QFX Series:
* 23.4 version 23.4R2-S6,
* 24.2 version 24.2R2-S3.
No other Junos OS versions are affected.
Severity ?
CWE
- CWE-1419 - Incorrect Initialization of Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA107815 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.4R2-S6 , < 23.4R2-S7
(semver)
Affected: 24.2R2-S3 , < 24.2R2-S4 (semver) |
Date Public ?
2026-04-08 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T17:39:31.771075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T18:06:20.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series",
"QFX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.4R2-S7",
"status": "affected",
"version": "23.4R2-S6",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S4",
"status": "affected",
"version": "24.2R2-S3",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For a device to be affected the same filter needs to be applied as output to an IRB interface and a non-IRB interface as shown in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003einterfaces \u0026lt;interface1\u0026gt; unit \u0026lt;unit1\u0026gt; family inet/inet6 filter output \u0026lt;filter\u0026gt;\u003cbr\u003e\u003cbr\u003evlans \u0026lt;vlan_name\u0026gt; vlan-id \u0026lt;vlan#\u0026gt;\u003cbr\u003evlans \u0026lt;vlan_name\u0026gt; l3-interface irb.\u0026lt;unit2\u0026gt;\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einterfaces \u0026lt;interface2\u0026gt; unit \u0026lt;unit3\u0026gt; family ethernet-switching vlan members \u0026lt;vlan_name\u0026gt;\u003c/span\u003e\u003cbr\u003e\n\ninterfaces irb unit \u0026lt;unit2\u0026gt; family inet/inet6 filter output \u0026lt;filter\u0026gt;\u003c/span\u003e\u003cbr\u003e\n\n\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "For a device to be affected the same filter needs to be applied as output to an IRB interface and a non-IRB interface as shown in the following example:\n\ninterfaces \u003cinterface1\u003e unit \u003cunit1\u003e family inet/inet6 filter output \u003cfilter\u003e\n\nvlans \u003cvlan_name\u003e vlan-id \u003cvlan#\u003e\nvlans \u003cvlan_name\u003e l3-interface irb.\u003cunit2\u003e\n\n\n\n\ninterfaces \u003cinterface2\u003e unit \u003cunit3\u003e family ethernet-switching vlan members \u003cvlan_name\u003e\n\n\ninterfaces irb unit \u003cunit2\u003e family inet/inet6 filter output \u003cfilter\u003e"
}
],
"datePublic": "2026-04-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\u003cbr\u003e\u003cbr\u003eWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on EX Series and QFX Series:\u003cbr\u003e\u003cul\u003e\u003cli\u003e23.4 version 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 version 24.2R2-S3.\u003c/li\u003e\u003c/ul\u003eNo other Junos OS versions are affected.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\n\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\n\nThis issue affects Junos OS on EX Series and QFX Series:\n * 23.4 version 23.4R2-S6,\n * 24.2 version 24.2R2-S3.\n\n\nNo other Junos OS versions are affected."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1419",
"description": "CWE-1419 Incorrect Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T21:28:56.625Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA107815"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4."
}
],
"source": {
"advisory": "JSA107815",
"defect": [
"1900891"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Two different workarounds are available:\u003cbr\u003e\u003cbr\u003e\n\n1. create the same filter but under a different name and apply that to one of the interfaces, so that each interface has a unique copy of the filter in question as shown in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host# copy ... \u0026lt;filter\u0026gt; to ... \u0026lt;filter2\u0026gt;\u003cbr\u003euser@host# set\u0026nbsp;interfaces irb unit \u0026lt;unit2\u0026gt; family inet/inet6 filter output \u0026lt;filter2\u0026gt;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\n\n2. configure the filter as \"interface specific\" by adding the keyword to the filter definition:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003e[ f\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eirewall family inet/inet6 filter \u0026lt;filter\u0026gt; interface-specific\u0026nbsp;\u003c/span\u003e]\u003cbr\u003e\u003c/tt\u003e \u003cbr\u003ewhich implicitly creates a copy of the original filter per applied interface."
}
],
"value": "Two different workarounds are available:\n\n\n\n1. create the same filter but under a different name and apply that to one of the interfaces, so that each interface has a unique copy of the filter in question as shown in the following example:\n\nuser@host# copy ... \u003cfilter\u003e to ... \u003cfilter2\u003e\nuser@host# set\u00a0interfaces irb unit \u003cunit2\u003e family inet/inet6 filter output \u003cfilter2\u003e\n\n\n\n\n2. configure the filter as \"interface specific\" by adding the keyword to the filter definition:\n\n[ firewall family inet/inet6 filter \u003cfilter\u003e interface-specific\u00a0]\n \nwhich implicitly creates a copy of the original filter per applied interface."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-33773",
"datePublished": "2026-04-09T21:28:56.625Z",
"dateReserved": "2026-03-23T19:46:13.668Z",
"dateUpdated": "2026-04-13T18:06:20.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33773",
"date": "2026-05-25",
"epss": "0.00051",
"percentile": "0.15865"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33773\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2026-04-09T22:16:25.590\",\"lastModified\":\"2026-04-17T17:56:54.663\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\\n\\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\\n\\nThis issue affects Junos OS on EX Series and QFX Series:\\n * 23.4 version 23.4R2-S6,\\n * 24.2 version 24.2R2-S3.\\n\\n\\nNo other Junos OS versions are affected.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"619B5EA0-0369-4AFE-AD8B-A3A22B326F9E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B3302CB-457F-4BD2-B80B-F70FB4C4542E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979C3597-C53B-4F4B-9EA7-126DA036C86D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47DAF5E7-E610-4D74-8573-41C16D642837\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152FD759-F5D2-4ACE-ADD6-7FE89B31D961\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2521C83-E8F2-4621-9727-75BB3FC11E64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F496D19-D28C-4517-90A3-90EC62BC5D79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E594D6DC-87F6-40D2-8268-ED6021462168\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1BB20B5-EA30-4E8E-9055-2E629648436A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B425BB1-3C78-42B1-A6C1-216E514191F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E82CE3-F43D-4B29-A64D-B14ADB6CC357\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13C0199E-B9F0-41D3-B625-083990517CDF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8790B456-DFC7-4E82-9A0C-C89787139B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1453E42A-77B3-4922-8EC3-1A5668C39550\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26408465-BD6A-4416-B98E-691A5F651080\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A8847B-4F98-4949-8639-5CD2B411D10F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09EBDE4B-764F-4DF1-844A-BB8A52CD53EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB58A6E9-FFCF-4331-AC3B-45C37BD1943E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDC5478F-A047-4F6D-BB11-0077A74C0174\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D877320D-1997-4B66-B11B-864020C755E1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D193BEBD-9436-468D-B89E-D5720603451D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ABF8F9D-45C1-4554-A213-435A68709FCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"685120A6-7005-4ECB-A37F-0F225BB92676\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7D6C74F-E85F-4D62-BDAF-FE619B467C76\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA107815\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33773\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-13T17:39:31.771075Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T17:58:44.055Z\"}}], \"cna\": {\"title\": \"Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied\", \"source\": {\"defect\": [\"1900891\"], \"advisory\": \"JSA107815\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 6.9, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/AU:Y/R:U/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.4R2-S6\", \"lessThan\": \"23.4R2-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2R2-S3\", \"lessThan\": \"24.2R2-S4\", \"versionType\": \"semver\"}], \"platforms\": [\"EX Series\", \"QFX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4.\", \"base64\": false}]}], \"datePublic\": \"2026-04-08T16:00:00.000Z\", \"references\": [{\"url\": \"https://kb.juniper.net/JSA107815\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Two different workarounds are available:\\n\\n\\n\\n1. create the same filter but under a different name and apply that to one of the interfaces, so that each interface has a unique copy of the filter in question as shown in the following example:\\n\\nuser@host# copy ... \u003cfilter\u003e to ... \u003cfilter2\u003e\\nuser@host# set\\u00a0interfaces irb unit \u003cunit2\u003e family inet/inet6 filter output \u003cfilter2\u003e\\n\\n\\n\\n\\n2. configure the filter as \\\"interface specific\\\" by adding the keyword to the filter definition:\\n\\n[ firewall family inet/inet6 filter \u003cfilter\u003e interface-specific\\u00a0]\\n \\nwhich implicitly creates a copy of the original filter per applied interface.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Two different workarounds are available:\u003cbr\u003e\u003cbr\u003e\\n\\n1. create the same filter but under a different name and apply that to one of the interfaces, so that each interface has a unique copy of the filter in question as shown in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@host# copy ... \u0026lt;filter\u0026gt; to ... \u0026lt;filter2\u0026gt;\u003cbr\u003euser@host# set\u0026nbsp;interfaces irb unit \u0026lt;unit2\u0026gt; family inet/inet6 filter output \u0026lt;filter2\u0026gt;\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003e\\n\\n2. configure the filter as \\\"interface specific\\\" by adding the keyword to the filter definition:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003e[ f\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eirewall family inet/inet6 filter \u0026lt;filter\u0026gt; interface-specific\u0026nbsp;\u003c/span\u003e]\u003cbr\u003e\u003c/tt\u003e \u003cbr\u003ewhich implicitly creates a copy of the original filter per applied interface.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\\n\\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\\n\\nThis issue affects Junos OS on EX Series and QFX Series:\\n * 23.4 version 23.4R2-S6,\\n * 24.2 version 24.2R2-S3.\\n\\n\\nNo other Junos OS versions are affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\u003cbr\u003e\u003cbr\u003eWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on EX Series and QFX Series:\u003cbr\u003e\u003cul\u003e\u003cli\u003e23.4 version 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 version 24.2R2-S3.\u003c/li\u003e\u003c/ul\u003eNo other Junos OS versions are affected.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1419\", \"description\": \"CWE-1419 Incorrect Initialization of Resource\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"For a device to be affected the same filter needs to be applied as output to an IRB interface and a non-IRB interface as shown in the following example:\\n\\ninterfaces \u003cinterface1\u003e unit \u003cunit1\u003e family inet/inet6 filter output \u003cfilter\u003e\\n\\nvlans \u003cvlan_name\u003e vlan-id \u003cvlan#\u003e\\nvlans \u003cvlan_name\u003e l3-interface irb.\u003cunit2\u003e\\n\\n\\n\\n\\ninterfaces \u003cinterface2\u003e unit \u003cunit3\u003e family ethernet-switching vlan members \u003cvlan_name\u003e\\n\\n\\ninterfaces irb unit \u003cunit2\u003e family inet/inet6 filter output \u003cfilter\u003e\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For a device to be affected the same filter needs to be applied as output to an IRB interface and a non-IRB interface as shown in the following example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003einterfaces \u0026lt;interface1\u0026gt; unit \u0026lt;unit1\u0026gt; family inet/inet6 filter output \u0026lt;filter\u0026gt;\u003cbr\u003e\u003cbr\u003evlans \u0026lt;vlan_name\u0026gt; vlan-id \u0026lt;vlan#\u0026gt;\u003cbr\u003evlans \u0026lt;vlan_name\u0026gt; l3-interface irb.\u0026lt;unit2\u0026gt;\u003cbr\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003einterfaces \u0026lt;interface2\u0026gt; unit \u0026lt;unit3\u0026gt; family ethernet-switching vlan members \u0026lt;vlan_name\u0026gt;\u003c/span\u003e\u003cbr\u003e\\n\\ninterfaces irb unit \u0026lt;unit2\u0026gt; family inet/inet6 filter output \u0026lt;filter\u0026gt;\u003c/span\u003e\u003cbr\u003e\\n\\n\u003c/tt\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2026-04-09T21:28:56.625Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33773\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-13T18:06:20.091Z\", \"dateReserved\": \"2026-03-23T19:46:13.668Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2026-04-09T21:28:56.625Z\", \"assignerShortName\": \"juniper\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0408
Vulnerability from certfr_avis - Published: 2026-04-09 - Updated: 2026-04-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS versions 24.2 antérieures à 24.2R2-S4 sur SRX Series et MX Series | ||
| Juniper Networks | N/A | Junos OS versions 24.4R2 antérieures à 24.4R2-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S8-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S9 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4R3 antérieures à 22.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 | ||
| Juniper Networks | N/A | Junos OS versions 24.4R1 antérieures à 24.4R1-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.4R1-EVO antérieures à 24.4R1-S3-EVO | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R3-S12 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S7-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2-S7 | ||
| Juniper Networks | N/A | Junos OS versions 24.2 antérieures à 24.2R2-S3 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 23.2R2-S6 sur SRX Series et MX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4R3 antérieures à 22.4R3-S9-EVO sur PTX Series | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2-S7 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS versions 25.2R2 antérieures à 25.2R2 | ||
| Juniper Networks | N/A | Junos OS versions 25.2R1 antérieures à 25.2R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 23.4R2-S7 sur SRX Series et MX Series | ||
| Juniper Networks | N/A | Junos OS versions 24.2R2 antérieures à 24.2R2-S4 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S6 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 25.2R2-EVO antérieures à 25.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 | ||
| Juniper Networks | N/A | Junos OS versions 21.2R3 antérieures à 21.2R3-S10 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S9 sur SRX Series et MX Series | ||
| Juniper Networks | N/A | Junos OS versions 25.2 antérieures à 25.2R2 sur SRX Series et MX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S5-EVO | ||
| Juniper Networks | N/A | Junos OS versions 23.2R2 antérieures à 23.2R2-S7 | ||
| Juniper Networks | N/A | JSI vLWC versions antérieures à 3.0.94 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S6-EVO sur PTX Series | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S8 sur SRX Series | ||
| Juniper Networks | N/A | Junos OS versions 22.4R3 antérieures à 22.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 25.2R1-EVO antérieures à 25.2R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.4R2-EVO antérieures à 24.4R2-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S4 sur SRX Series et MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R2 ant\u00e9rieures \u00e0 24.4R2-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S9 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R1 ant\u00e9rieures \u00e0 24.4R1-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4R1-EVO ant\u00e9rieures \u00e0 24.4R1-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S12 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S7-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S3 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 23.2R2-S6 sur SRX Series et MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S9-EVO sur PTX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S7 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 25.2R2 ant\u00e9rieures \u00e0 25.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 25.2R1 ant\u00e9rieures \u00e0 25.2R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 23.4R2-S7 sur SRX Series et MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2R2 ant\u00e9rieures \u00e0 24.2R2-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S6 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 25.2R2-EVO ant\u00e9rieures \u00e0 25.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2R3 ant\u00e9rieures \u00e0 21.2R3-S10 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S9 sur SRX Series et MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 25.2 ant\u00e9rieures \u00e0 25.2R2 sur SRX Series et MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2R2 ant\u00e9rieures \u00e0 23.2R2-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": " JSI vLWC versions ant\u00e9rieures \u00e0 3.0.94",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S6-EVO sur PTX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S8 sur SRX Series ",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4R3 ant\u00e9rieures \u00e0 22.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 25.2R1-EVO ant\u00e9rieures \u00e0 25.2R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4R2-EVO ant\u00e9rieures \u00e0 24.4R2-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO sur PTX10004, PTX10008, PTX100016 avec JNP10K-LC1201 ou JNP10K-LC1202",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33773"
},
{
"name": "CVE-2026-33785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33785"
},
{
"name": "CVE-2026-33780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33780"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2026-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21919"
},
{
"name": "CVE-2026-33771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33771"
},
{
"name": "CVE-2025-30650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30650"
},
{
"name": "CVE-2026-33797",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33797"
},
{
"name": "CVE-2026-33779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33779"
},
{
"name": "CVE-2025-13914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13914"
},
{
"name": "CVE-2026-33784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33784"
},
{
"name": "CVE-2026-33786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33786"
},
{
"name": "CVE-2026-33776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33776"
},
{
"name": "CVE-2026-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21916"
},
{
"name": "CVE-2026-33781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33781"
},
{
"name": "CVE-2026-33787",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33787"
},
{
"name": "CVE-2026-33778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33778"
},
{
"name": "CVE-2026-33791",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33791"
},
{
"name": "CVE-2026-33790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33790"
},
{
"name": "CVE-2026-33783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33783"
},
{
"name": "CVE-2026-33774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33774"
},
{
"name": "CVE-2026-33775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33775"
},
{
"name": "CVE-2026-33788",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33788"
},
{
"name": "CVE-2026-33782",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33782"
},
{
"name": "CVE-2026-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21915"
}
],
"initial_release_date": "2026-04-09T00:00:00",
"last_revision_date": "2026-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0408",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107868",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107864",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107863",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107823",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107822",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107872",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107869",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107821",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107865",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107810",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107871",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107820",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107815",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA106019",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107850",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107866",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107873",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107874",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107875",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107807",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107806",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA106016",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-JSI-Virtual-Lightweight-Collector-Shell-escape-allows-privilege-escalation-to-root-CVE-2026-21915"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107819",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107862",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914"
},
{
"published_at": "2026-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA107870",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783"
}
]
}
FKIE_CVE-2026-33773
Vulnerability from fkie_nvd - Published: 2026-04-09 22:16 - Updated: 2026-04-17 17:56
Severity ?
Summary
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.
This issue affects Junos OS on EX Series and QFX Series:
* 23.4 version 23.4R2-S6,
* 24.2 version 24.2R2-S3.
No other Junos OS versions are affected.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA107815 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 23.4 | |
| juniper | junos | 24.2 | |
| juniper | ex2300 | - | |
| juniper | ex2300-c | - | |
| juniper | ex3400 | - | |
| juniper | ex4000 | - | |
| juniper | ex4100 | - | |
| juniper | ex4100-f | - | |
| juniper | ex4100-h | - | |
| juniper | ex4300 | - | |
| juniper | ex4400 | - | |
| juniper | ex4600 | - | |
| juniper | ex4650 | - | |
| juniper | ex9204 | - | |
| juniper | ex9208 | - | |
| juniper | ex9214 | - | |
| juniper | qfx10008 | - | |
| juniper | qfx10016 | - | |
| juniper | qfx5110 | - | |
| juniper | qfx5120 | - | |
| juniper | qfx5130 | - | |
| juniper | qfx5200 | - | |
| juniper | qfx5210 | - | |
| juniper | qfx5220 | - | |
| juniper | qfx5230-64cd | - | |
| juniper | qfx5240 | - | |
| juniper | qfx5241 | - | |
| juniper | qfx5700 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s6:*:*:*:*:*:*",
"matchCriteriaId": "4D9A36E5-A1BB-46E1-91B6-91A4C40C1B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "619B5EA0-0369-4AFE-AD8B-A3A22B326F9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152FD759-F5D2-4ACE-ADD6-7FE89B31D961",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA4A8C7-EBC0-449E-BD37-69FABDC917C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8790B456-DFC7-4E82-9A0C-C89787139B79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1453E42A-77B3-4922-8EC3-1A5668C39550",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx10016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26408465-BD6A-4416-B98E-691A5F651080",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABF8F9D-45C1-4554-A213-435A68709FCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "685120A6-7005-4ECB-A37F-0F225BB92676",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\n\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\n\nThis issue affects Junos OS on EX Series and QFX Series:\n * 23.4 version 23.4R2-S6,\n * 24.2 version 24.2R2-S3.\n\n\nNo other Junos OS versions are affected."
}
],
"id": "CVE-2026-33773",
"lastModified": "2026-04-17T17:56:54.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2026-04-09T22:16:25.590",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA107815"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-M7P5-CQG5-94P6
Vulnerability from github – Published: 2026-04-10 00:30 – Updated: 2026-04-10 00:30
VLAI?
Details
An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.
When the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.
This issue affects Junos OS on EX Series and QFX Series: * 23.4 version 23.4R2-S6, * 24.2 version 24.2R2-S3.
No other Junos OS versions are affected.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2026-33773"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-09T22:16:25Z",
"severity": "MODERATE"
},
"details": "An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-based attacker to cause an integrity impact to downstream networks.\n\nWhen the same family inet or inet6 filter is applied on an IRB interface and on a physical interface as egress filter on EX4100, EX4400, EX4650 and QFX5120 devices, only one of the two filters will be applied, which can lead to traffic being sent out one of these interfaces which should have been blocked.\n\nThis issue affects Junos OS on EX Series and QFX Series:\n * 23.4 version 23.4R2-S6,\n * 24.2 version 24.2R2-S3.\n\n\nNo other Junos OS versions are affected.",
"id": "GHSA-m7p5-cqg5-94p6",
"modified": "2026-04-10T00:30:29Z",
"published": "2026-04-10T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33773"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA107815"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
WID-SEC-W-2026-1022
Vulnerability from csaf_certbund - Published: 2026-04-08 22:00 - Updated: 2026-04-09 22:00Summary
Juniper Patchday April 2026: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs.
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen – sogar Root-Rechte – zu erlangen, beliebigen Code auszuführen – auch mit erweiterten Berechtigungen –, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuführen oder Daten zu manipulieren.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper MX Series
Juniper
|
cpe:/h:juniper:mx:-
|
— | |
|
Juniper SRX Series
Juniper
|
cpe:/h:juniper:srx_service_gateways:-
|
— | |
|
Juniper JUNOS OS Evolved
Juniper / JUNOS
|
cpe:/o:juniper:junos:os_evolved
|
OS Evolved | |
|
Juniper QFX Series
Juniper
|
cpe:/h:juniper:qfx:os_evolved
|
— | |
|
Juniper JUNOS OS
Juniper / JUNOS
|
cpe:/o:juniper:junos:os
|
OS |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Junos Space <24.1R5 Patch V3
Juniper / Junos Space
|
<24.1R5 Patch V3 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Juniper Apstra <6.1.1
Juniper / Apstra
|
<6.1.1 |
References
31 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://supportportal.juniper.net/s/global-search… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Juniper Apstra (ehemals bekannt als AOS) automatisiert alle Aspekte der Rechnzentrums-Netzwerkplanung, des Aufbaus, der Bereitstellung und des Betriebs.\r\nJUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nJunos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Juniper Apstra, Junos OS, Junos OS Evolved und Junos Space ausnutzen, um erweiterte Berechtigungen \u2013 sogar Root-Rechte \u2013 zu erlangen, beliebigen Code auszuf\u00fchren \u2013 auch mit erweiterten Berechtigungen \u2013, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1022 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1022.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1022 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1022"
},
{
"category": "external",
"summary": "Juniper Patchday April 2026 vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=100"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Apstra: SSH host key validation vulnerability for managed devices (CVE-2025-13914) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Apstra-SSH-host-key-validation-vulnerability-for-managed-devices-CVE-2025-13914"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - CTP OS: Configuring password requirements does not work which permits the use of weak passwords (CVE-2026-33771) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-CTP-OS-Configuring-password-requirements-does-not-work-which-permits-the-use-of-weak-passwords-CVE-2026-33771"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root (CVE-2026-21915) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-JSI-Virtual-Lightweight-Collector-Shell-escape-allows-privilege-escalation-to-root-CVE-2026-21915"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting netconf sessions causes management unavailability (CVE-2026-21919) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-high-frequency-of-connecting-and-disconnecting-netconf-sessions-causes-management-unavailability-CVE-2026-21919"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset (CVE-2026-33797) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: CVE-2022-24805 resolved in net-SNMP vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-CVE-2022-24805-resolved-in-net-SNMP"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root (CVE-2026-33791) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Execution-of-crafted-CLI-commands-allows-for-arbitrary-shell-injection-as-root-CVE-2026-33791"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald (CVE-2026-33780) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-MPLS-scenario-churn-of-ESI-routes-causes-a-memory-leak-in-l2ald-CVE-2026-33780"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information (CVE-2026-33776) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-low-privileged-CLI-command-exposes-sensitive-information-CVE-2026-33776"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS and Junos OS Evolved: When an unsigned Python op script configuration is present, a local low privileged user can compromise the system (CVE-2026-33793) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-an-unsigned-Python-op-script-configuration-is-present-a-local-low-privileged-user-can-compromise-the-system-CVE-2026-33793"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS Evolved: Local, authenticated attackers can gain access to FPCs (CVE-2026-33788) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-Local-authenticated-attackers-can-gain-access-to-FPCs-CVE-2026-33788"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftman crashes (CVE-2026-33783) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart (CVE-2025-59969) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-and-PTX-Series-An-attacker-sending-crafted-multicast-packets-will-cause-evo-aftmand-evo-pfemand-to-crash-and-restart-CVE-2025-59969"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: A low privileged user can escalate their privileges so that they can login as root (CVE-2026-21916) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-A-low-privileged-user-can-escalate-their-privileges-so-that-they-can-login-as-root-CVE-2026-21916"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: If the same egress filter is configured on both an IRB and a physical interface one of those is not applied (CVE-2026-33773) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-If-the-same-egress-filter-is-configured-on-both-an-IRB-and-a-physical-interface-one-of-those-is-not-applied-CVE-2026-33773"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed (CVE-2026-33781) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-EX-Series-QFX-Series-In-a-VXLAN-scenario-when-specific-control-protocol-packets-are-received-memory-leaks-and-eventually-no-traffic-is-passed-CVE-2026-33781"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: MX Series: Firewall filters on lo0. in the default routing instance are not in effect (CVE-2026-33774) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Firewall-filters-on-lo0-non-0-in-the-default-routing-instance-are-not-in-effect-CVE-2026-33774"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd memory increases continuously with subscriber logouts (CVE-2026-33782) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-In-specific-DHCPv6-scenarios-jdhcpd-memory-increases-continuously-with-subscriber-logouts-CVE-2026-33782"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: MX Series: Mismatch between configured and received packet types causes memory leak in bbe-smgd (CVE-2026-33775) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Mismatch-between-configured-and-received-packet-types-causes-memory-leak-in-bbe-smgd-CVE-2026-33775"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: MX Series: Missing Authorization for specific \u0027request\u0027 CLI commands in a JDM/CSDS scenario (CVE-2026-33785) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-MX-Series-Missing-Authorization-for-specific-request-CLI-commands-in-a-JDM-CSDS-scenario-CVE-2026-33785"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: Privileged local user can gain access to a Linux-based FPC as root (CVE-2025-30650) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Privileged-local-user-can-gain-access-to-a-Linux-based-FPC-as-root-CVE-2025-30650"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: SRX Series, MX Series: When a specifically malformed first ISAKMP packet is received kmd/iked crashes (CVE-2026-33778) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-When-a-specifically-malformed-first-ISAKMP-packet-is-received-kmd-iked-crashes-CVE-2026-33778"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart. (CVE-2026-33790) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-In-a-NAT64-configuration-receipt-of-a-specific-malformed-ICMPv6-packet-will-cause-the-srxpfe-process-to-crash-and-restart-CVE-2026-33790"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication (CVE-2026-33779) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specific show command is executed chassisd crashes (CVE-2026-33787) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-SRX4600-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33787"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd crashes (CVE-2026-33786) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX1600-SRX2300-SRX4300-When-a-specific-show-command-is-executed-chassisd-crashes-CVE-2026-33786"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection (CVE-2026-21904) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-Space-ilpFilter-field-on-nLegacy-jsp-is-vulnerable-to-reflected-cross-site-script-injection-CVE-2026-21904"
},
{
"category": "external",
"summary": "Juniper Security Bulletin - vLWC: Default password is not required to be changed which allows unauthorized high-privileged access (CVE-2026-33784) vom 2026-04-08",
"url": "https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-vLWC-Default-password-is-not-required-to-be-changed-which-allows-unauthorized-high-privileged-access-CVE-2026-33784"
}
],
"source_lang": "en-US",
"title": "Juniper Patchday April 2026: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-09T22:00:00.000+00:00",
"generator": {
"date": "2026-04-10T07:05:13.126+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1022",
"initial_release_date": "2026-04-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-21088, EUVD-2026-21086, EUVD-2026-21091, EUVD-2026-21090, EUVD-2026-21085, EUVD-2026-21092, EUVD-2026-21080, EUVD-2026-21082, EUVD-2026-21078, EUVD-2026-21077, EUVD-2025-209396, EUVD-2026-21095, EUVD-2026-21206, EUVD-2026-21205, EUVD-2026-21204, EUVD-2026-21203, EUVD-2026-21201, EUVD-2026-21199, EUVD-2026-21197, EUVD-2026-21196, EUVD-2026-21195, EUVD-2025-209397, EUVD-2026-21093, EUVD-2026-21207, EUVD-2026-21193, EUVD-2026-21208"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.1.1",
"product": {
"name": "Juniper Apstra \u003c6.1.1",
"product_id": "T052563"
}
},
{
"category": "product_version",
"name": "6.1.1",
"product": {
"name": "Juniper Apstra 6.1.1",
"product_id": "T052563-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:apstra:6.1.1"
}
}
}
],
"category": "product_name",
"name": "Apstra"
},
{
"branches": [
{
"category": "product_version",
"name": "OS",
"product": {
"name": "Juniper JUNOS OS",
"product_id": "T052565",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:os"
}
}
},
{
"category": "product_version",
"name": "OS Evolved",
"product": {
"name": "Juniper JUNOS OS Evolved",
"product_id": "T052566",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:os_evolved"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R5 Patch V3",
"product": {
"name": "Juniper Junos Space \u003c24.1R5 Patch V3",
"product_id": "T052571"
}
},
{
"category": "product_version",
"name": "24.1R5 Patch V3",
"product": {
"name": "Juniper Junos Space 24.1R5 Patch V3",
"product_id": "T052571-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r5_patch_v3"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
},
{
"category": "product_name",
"name": "Juniper MX Series",
"product": {
"name": "Juniper MX Series",
"product_id": "T052568",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:mx:-"
}
}
},
{
"category": "product_name",
"name": "Juniper QFX Series",
"product": {
"name": "Juniper QFX Series",
"product_id": "T052567",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:qfx:os_evolved"
}
}
},
{
"category": "product_name",
"name": "Juniper SRX Series",
"product": {
"name": "Juniper SRX Series",
"product_id": "T052569",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:srx_service_gateways:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24805",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2022-24805"
},
{
"cve": "CVE-2025-30650",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-30650"
},
{
"cve": "CVE-2025-59969",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-59969"
},
{
"cve": "CVE-2026-21915",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21915"
},
{
"cve": "CVE-2026-21916",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21916"
},
{
"cve": "CVE-2026-21919",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21919"
},
{
"cve": "CVE-2026-33771",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33771"
},
{
"cve": "CVE-2026-33773",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33773"
},
{
"cve": "CVE-2026-33774",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33774"
},
{
"cve": "CVE-2026-33775",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33775"
},
{
"cve": "CVE-2026-33776",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33776"
},
{
"cve": "CVE-2026-33778",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33778"
},
{
"cve": "CVE-2026-33779",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33779"
},
{
"cve": "CVE-2026-33780",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33780"
},
{
"cve": "CVE-2026-33781",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33781"
},
{
"cve": "CVE-2026-33782",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33782"
},
{
"cve": "CVE-2026-33783",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33783"
},
{
"cve": "CVE-2026-33784",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33784"
},
{
"cve": "CVE-2026-33785",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33785"
},
{
"cve": "CVE-2026-33786",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33786"
},
{
"cve": "CVE-2026-33787",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33787"
},
{
"cve": "CVE-2026-33788",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33788"
},
{
"cve": "CVE-2026-33790",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33790"
},
{
"cve": "CVE-2026-33791",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33791"
},
{
"cve": "CVE-2026-33793",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33793"
},
{
"cve": "CVE-2026-33797",
"product_status": {
"known_affected": [
"T052568",
"T052569",
"T052566",
"T052567",
"T052565"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-33797"
},
{
"cve": "CVE-2026-21904",
"product_status": {
"known_affected": [
"T052571"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2026-21904"
},
{
"cve": "CVE-2025-13914",
"product_status": {
"known_affected": [
"T052563"
]
},
"release_date": "2026-04-08T22:00:00.000+00:00",
"title": "CVE-2025-13914"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…