{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/juniper/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-33797"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve-2026-33797","denial-of-service","juniper","bgp","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33797 is a vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved versions 25.2 before 25.2R2 and 25.2-EVO before 25.2R2-EVO, respectively. It stems from improper input validation within the Border Gateway Protocol (BGP) handling. An unauthenticated, adjacent attacker can exploit this flaw by sending a crafted BGP packet to an already established BGP session. This malicious packet causes the targeted BGP session to reset, leading to a Denial of Service (DoS). Repeated transmission of the crafted packet can sustain the DoS condition. Both external BGP (eBGP) and internal BGP (iBGP) sessions are susceptible, and the vulnerability impacts both IPv4 and IPv6 network configurations. This vulnerability poses a risk to network stability and availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Juniper device running Junos OS or Junos OS Evolved versions 25.2 prior to 25.2R2 or 25.2-EVO prior to 25.2R2-EVO.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes network adjacency to the targeted device, allowing for direct BGP communication.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specific, but genuine, BGP packet designed to exploit the improper input validation vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted BGP packet to an already established BGP session on the target device.\u003c/li\u003e\n\u003cli\u003eUpon receiving the malicious packet, the vulnerable Junos OS or Junos OS Evolved instance improperly processes it.\u003c/li\u003e\n\u003cli\u003eDue to the input validation failure, the targeted BGP session is forcibly reset.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats the process of sending the crafted BGP packet to continuously reset the BGP session.\u003c/li\u003e\n\u003cli\u003eThe repeated session resets cause a sustained Denial of Service (DoS), disrupting network routing and connectivity.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33797 leads to a denial-of-service condition affecting BGP routing. By repeatedly sending crafted BGP packets, an attacker can disrupt network connectivity and stability. The impact is a loss of routing functionality for networks relying on the targeted BGP sessions. The number of potential victims is broad, including any organization using vulnerable versions of Junos OS or Junos OS Evolved. This can result in service outages, impaired communication, and potential financial losses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Junos OS to version 25.2R2 or later to remediate CVE-2026-33797 (see references).\u003c/li\u003e\n\u003cli\u003eUpgrade Junos OS Evolved to version 25.2R2-EVO or later to remediate CVE-2026-33797 (see references).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect unusual BGP reset activity in network traffic (see rules).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected BGP session resets originating from adjacent networks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T22:16:29Z","date_published":"2026-04-09T22:16:29Z","id":"/briefs/2024-01-22-juniper-bgp-dos/","summary":"CVE-2026-33797 is an improper input validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved that allows an unauthenticated adjacent attacker to reset established BGP sessions via a specific BGP packet, leading to a denial of service condition.","title":"Juniper Junos OS and Junos OS Evolved BGP Session Reset Denial of Service (CVE-2026-33797)","url":"https://feed.craftedsignal.io/briefs/2024-01-22-juniper-bgp-dos/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-33785"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["privilege-escalation","network","juniper"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eJuniper Networks Junos OS on MX Series is vulnerable to a missing authorization issue (CVE-2026-33785). This vulnerability allows a local, authenticated user with low privileges to execute specific CLI operational commands, specifically \u0026lsquo;request csds\u0026rsquo;, that should only be available to high-privileged users or those designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations. Successful exploitation leads to a complete compromise of managed devices. This issue affects Junos OS on MX Series versions 24.4 prior to 24.4R2-S3 and 25.2 prior to 25.2R2. Releases prior to 24.4 are not affected. The vulnerability was published on 2026-04-09.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local, low-privilege access to a Junos OS MX Series device.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Junos OS CLI using their credentials.\u003c/li\u003e\n\u003cli\u003eAttacker executes the \u0026lsquo;request csds\u0026rsquo; operational command.\u003c/li\u003e\n\u003cli\u003eThe system fails to perform adequate authorization checks before executing the command.\u003c/li\u003e\n\u003cli\u003eThe \u0026lsquo;request csds\u0026rsquo; command executes with elevated privileges due to the missing authorization.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the elevated privileges to modify system configurations.\u003c/li\u003e\n\u003cli\u003eAttacker installs malicious software or backdoors.\u003c/li\u003e\n\u003cli\u003eAttacker achieves complete compromise of the Junos OS MX Series device, potentially impacting all devices managed by it.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33785 allows an attacker to completely compromise a Juniper Junos OS MX Series device. This can lead to unauthorized access to sensitive data, disruption of network services, and the potential compromise of other devices managed by the affected MX Series device. The vulnerability affects Junos OS on MX Series versions 24.4 before 24.4R2-S3 and 25.2 before 25.2R2. While the exact number of vulnerable devices is unknown, the impact is critical due to the potential for widespread network compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Junos OS on MX Series devices to versions 24.4R2-S3 or later, or 25.2R2 or later, to patch CVE-2026-33785.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule to detect unauthorized execution of the \u003ccode\u003erequest csds\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003eMonitor Junos OS CLI command logs for suspicious activity, specifically focusing on the \u003ccode\u003erequest csds\u003c/code\u003e command and user privilege levels.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T22:16:27Z","date_published":"2026-04-09T22:16:27Z","id":"/briefs/2026-04-junos-mx-privesc/","summary":"CVE-2026-33785 allows a low-privileged, local, authenticated user to execute 'request csds' commands on Juniper Junos OS MX Series devices, leading to complete device compromise.","title":"Juniper Junos OS MX Series Missing Authorization Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-junos-mx-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Juniper","version":"https://jsonfeed.org/version/1.1"}