CVE-2026-57032

MEDIUM

Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash

Title source: cna
STIX 2.1

Description

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS). If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.  The following log message can be seen when this issue happens: agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor> This issue affects Junos OS on EX2300, EX3400, EX4000, EX4100 and EX4400 devices: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S8, * 24.2 versions before 24.2R2-S5, * 24.4 versions before 24.4R2.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA110092

Scores

CVSS v3 6.5
EPSS 0.0041
EPSS Percentile 33.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-236
Status published
Products (9)
juniper/junos 23.2 (11 CPE variants)
juniper/junos 23.4 (12 CPE variants)
juniper/junos 24.2 (9 CPE variants)
juniper/junos 24.4 (4 CPE variants)
juniper/junos < 23.2
Juniper Networks/Junos OS < 23.2R2-S7
Juniper Networks/Junos OS 23.4 - 23.4R2-S8
Juniper Networks/Junos OS 24.2 - 24.2R2-S5
Juniper Networks/Junos OS 24.4 - 24.4R2
Published Jul 09, 2026
Tracked Since Jul 10, 2026