CVE-2026-33803

MEDIUM

Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

Title source: cna
STIX 2.1

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process which should only be able to communicate internally within the device can be reached over the network via an open port. This leads to a device being inadvertently exposed and increased CPU cycles spent processing ingress packets. This issue affects Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-S5-EVO, * 24.4 versions before 24.4R2-S4-EVO, * 25.2 versions before 25.2R2-S1-EVO, * 25.4 versions before 25.4R1-S2-EVO.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA110078

Scores

CVSS v3 6.5
EPSS 0.0035
EPSS Percentile 27.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-923
Status published
Products (9)
juniper/junos_os_evolved 23.2 (11 CPE variants)
juniper/junos_os_evolved 23.4 (12 CPE variants)
juniper/junos_os_evolved 24.2 (8 CPE variants)
juniper/junos_os_evolved 24.4 (8 CPE variants)
juniper/junos_os_evolved 25.2 (5 CPE variants)
juniper/junos_os_evolved 25.4 (3 CPE variants)
juniper/junos_os_evolved < 23.2
Juniper Networks/Junos OS Evolved < 23.2R2-S7-EVO
Juniper Networks/Junos OS Evolved 23.4 - 23.4R2-S8-EVO
Published Jul 09, 2026
Tracked Since Jul 10, 2026