{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/cpes/cpe2.3ofreebsdfreebsd12.0p7/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2020-7450"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Juniper cRPD","Juniper CTPView \u003c 9.3R2-3","Juniper Network Director \u003c 7.1R3","Junos OS","Junos OS Evolved","Junos OS on MX Series with SPC3 and SRX Series","Junos Space \u003c 26.1R1 Patch V1"],"_cs_severities":["high"],"_cs_tags":["vulnerability","network-device","juniper","patch-management"],"_cs_type":"advisory","_cs_vendors":["Juniper Networks"],"content_html":"\u003cp\u003eOn July 8, 2026, Juniper Networks published security advisories to address critical vulnerabilities affecting a wide range of its networking products. The advisories highlight issues in Juniper cRPD, CTPView, Network Director, Junos OS, Junos OS Evolved, Junos OS on MX Series with SPC3 and SRX Series, and Junos Space. Two notable vulnerabilities are CVE-2020-7450, a heap buffer overflow in the \u003ccode\u003elibfetch\u003c/code\u003e component of Junos OS Evolved, and CVE-2026-33799, a memory leak in the \u003ccode\u003esnmpd\u003c/code\u003e daemon affecting both Junos OS and Junos OS Evolved. These flaws could be exploited by remote attackers, potentially leading to arbitrary code execution or denial of service on affected devices. Organizations using Juniper products are strongly urged to review the advisories and apply the necessary updates to mitigate these risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker performs reconnaissance to identify internet-facing Juniper Networks devices running vulnerable versions of Junos OS or Junos OS Evolved.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFor CVE-2020-7450 (Junos OS Evolved):\u003c/strong\u003e The attacker crafts and sends a malicious HTTP/HTTPS request containing a specially malformed URL to the target device.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003elibfetch\u003c/code\u003e component within Junos OS Evolved attempts to parse the malformed URL, triggering a heap buffer overflow condition.\u003c/li\u003e\n\u003cli\u003eThis heap buffer overflow can be exploited by the attacker to achieve arbitrary code execution on the device, potentially leading to full system compromise.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFor CVE-2026-33799 (Junos OS/Evolved):\u003c/strong\u003e The attacker crafts and sends a specific, malformed SNMPv3 request to the vulnerable Juniper device.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esnmpd\u003c/code\u003e daemon on the device processes the crafted SNMPv3 request, which results in a memory leak within the daemon's allocated memory space.\u003c/li\u003e\n\u003cli\u003eThe attacker continuously sends repeated crafted SNMPv3 requests, causing further memory leaks and gradually depleting the \u003ccode\u003esnmpd\u003c/code\u003e daemon's resources.\u003c/li\u003e\n\u003cli\u003eEventually, the persistent memory exhaustion causes the \u003ccode\u003esnmpd\u003c/code\u003e daemon to crash, leading to a Denial of Service for SNMP services on the affected Juniper device.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe identified vulnerabilities pose significant risks to network infrastructure. Exploitation of CVE-2020-7450, a heap buffer overflow, could allow an unauthenticated attacker to achieve arbitrary code execution on Junos OS Evolved devices. This would grant the attacker full control over the device, enabling data exfiltration, network segmentation bypass, or further compromise of the internal network. CVE-2026-33799, a memory leak, can lead to a denial of service for SNMP services on both Junos OS and Junos OS Evolved. While not directly leading to system compromise, a crashed SNMP daemon can disrupt network monitoring, management, and potentially impact other critical services reliant on SNMP, leading to operational downtime and reduced visibility into network health.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the recommended updates and patches provided by Juniper Networks for all affected products as detailed in the Juniper Networks security advisories linked in this brief.\u003c/li\u003e\n\u003cli\u003eEnsure that internet-facing Junos OS Evolved devices are patched against CVE-2020-7450 to prevent potential arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eVerify that Junos OS and Junos OS Evolved devices are updated to mitigate CVE-2026-33799 and prevent SNMP service denial of service.\u003c/li\u003e\n\u003cli\u003eReview the specific security bulletins (e.g., \u0026quot;2026-07 Security Bulletin: CTPView: Multiple vulnerabilities resolved in 9.3R2-3 Release\u0026quot;, \u0026quot;2026-07 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 26.1R1 Patch V1 Release\u0026quot;) for precise version requirements and update paths.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-08T18:01:34Z","date_published":"2026-07-08T18:01:34Z","id":"https://feed.craftedsignal.io/briefs/2026-07-juniper-networks-vulnerabilities/","summary":"Juniper Networks has released security advisories to address multiple vulnerabilities across several products, including Juniper cRPD, CTPView, Network Director, Junos OS, Junos OS Evolved, Junos OS on MX Series with SPC3 and SRX Series, and Junos Space, with key vulnerabilities like a heap buffer overflow (CVE-2020-7450) and a memory leak (CVE-2026-33799) potentially leading to arbitrary code execution or denial of service.","title":"Juniper Networks Releases Security Advisories for Multiple Vulnerabilities, Including Heap Buffer Overflow and Memory Leak","url":"https://feed.craftedsignal.io/briefs/2026-07-juniper-networks-vulnerabilities/"}],"language":"en","title":"CraftedSignal Threat Feed - Cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*","version":"https://jsonfeed.org/version/1.1"}