https://feed.craftedsignal.io/tags/juniper/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 09 Apr 2026 22:16:29 +0000https://feed.craftedsignal.io/briefs/2024-01-22-juniper-bgp-dos/Thu, 09 Apr 2026 22:16:29 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-22-juniper-bgp-dos/CVE-2026-33797 is an improper input validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved that allows an unauthenticated adjacent attacker to reset established BGP sessions via a specific BGP packet, leading to a denial of service condition.CVE-2026-33797 is a vulnerability affecting Juniper Networks Junos OS and Junos OS Evolved versions 25.2 before 25.2R2 and 25.2-EVO before 25.2R2-EVO, respectively. It stems from improper input validation within the Border Gateway Protocol (BGP) handling. An unauthenticated, adjacent attacker can exploit this flaw by sending a crafted BGP packet to an already established BGP session. This malicious packet causes the targeted BGP session to reset, leading to a Denial of Service (DoS). Repeated transmission of the crafted packet can sustain the DoS condition. Both external BGP (eBGP) and internal BGP (iBGP) sessions are susceptible, and the vulnerability impacts both IPv4 and IPv6 network configurations. This vulnerability poses a risk to network stability and availability.

Attack Chain

1. Attacker identifies a vulnerable Juniper device running Junos OS or Junos OS Evolved versions 25.2 prior to 25.2R2 or 25.2-EVO prior to 25.2R2-EVO.
2. The attacker establishes network adjacency to the targeted device, allowing for direct BGP communication.
3. The attacker crafts a specific, but genuine, BGP packet designed to exploit the improper input validation vulnerability.
4. The attacker sends the crafted BGP packet to an already established BGP session on the target device.
5. Upon receiving the malicious packet, the vulnerable Junos OS or Junos OS Evolved instance improperly processes it.
6. Due to the input validation failure, the targeted BGP session is forcibly reset.
7. The attacker repeats the process of sending the crafted BGP packet to continuously reset the BGP session.
8. The repeated session resets cause a sustained Denial of Service (DoS), disrupting network routing and connectivity.

Impact

Successful exploitation of CVE-2026-33797 leads to a denial-of-service condition affecting BGP routing. By repeatedly sending crafted BGP packets, an attacker can disrupt network connectivity and stability. The impact is a loss of routing functionality for networks relying on the targeted BGP sessions. The number of potential victims is broad, including any organization using vulnerable versions of Junos OS or Junos OS Evolved. This can result in service outages, impaired communication, and potential financial losses.

Recommendation

• Upgrade Junos OS to version 25.2R2 or later to remediate CVE-2026-33797 (see references).
• Upgrade Junos OS Evolved to version 25.2R2-EVO or later to remediate CVE-2026-33797 (see references).
• Deploy the Sigma rule provided to detect unusual BGP reset activity in network traffic (see rules).
• Monitor network traffic for unexpected BGP session resets originating from adjacent networks.

]]>mediumadvisorycve-2026-33797denial-of-servicejuniperbgpnetworkhttps://feed.craftedsignal.io/briefs/2026-04-junos-mx-privesc/Thu, 09 Apr 2026 22:16:27 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-junos-mx-privesc/CVE-2026-33785 allows a low-privileged, local, authenticated user to execute 'request csds' commands on Juniper Junos OS MX Series devices, leading to complete device compromise.Juniper Networks Junos OS on MX Series is vulnerable to a missing authorization issue (CVE-2026-33785). This vulnerability allows a local, authenticated user with low privileges to execute specific CLI operational commands, specifically ‘request csds’, that should only be available to high-privileged users or those designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations. Successful exploitation leads to a complete compromise of managed devices. This issue affects Junos OS on MX Series versions 24.4 prior to 24.4R2-S3 and 25.2 prior to 25.2R2. Releases prior to 24.4 are not affected. The vulnerability was published on 2026-04-09.

Attack Chain

1. Attacker gains local, low-privilege access to a Junos OS MX Series device.
2. Attacker authenticates to the Junos OS CLI using their credentials.
3. Attacker executes the ‘request csds’ operational command.
4. The system fails to perform adequate authorization checks before executing the command.
5. The ‘request csds’ command executes with elevated privileges due to the missing authorization.
6. Attacker leverages the elevated privileges to modify system configurations.
7. Attacker installs malicious software or backdoors.
8. Attacker achieves complete compromise of the Junos OS MX Series device, potentially impacting all devices managed by it.

Impact

Successful exploitation of CVE-2026-33785 allows an attacker to completely compromise a Juniper Junos OS MX Series device. This can lead to unauthorized access to sensitive data, disruption of network services, and the potential compromise of other devices managed by the affected MX Series device. The vulnerability affects Junos OS on MX Series versions 24.4 before 24.4R2-S3 and 25.2 before 25.2R2. While the exact number of vulnerable devices is unknown, the impact is critical due to the potential for widespread network compromise.

Recommendation

• Upgrade Junos OS on MX Series devices to versions 24.4R2-S3 or later, or 25.2R2 or later, to patch CVE-2026-33785.
• Implement the provided Sigma rule to detect unauthorized execution of the request csds command.
• Monitor Junos OS CLI command logs for suspicious activity, specifically focusing on the request csds command and user privilege levels.

]]>criticaladvisoryprivilege-escalationnetworkjuniper