PT-2026-31800 · Juniper Networks+1 · Mx Series+5
Published
2026-04-09
·
Updated
2026-04-09
·
CVE-2026-33778
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS on SRX Series and MX Series versions prior to 22.4R3-S9
Juniper Networks Junos OS versions 23.2 through 23.2R2-S6
Juniper Networks Junos OS versions 23.4 through 23.4R2-S7
Juniper Networks Junos OS versions 24.2 through 24.2R2-S4
Juniper Networks Junos OS versions 24.4 through 24.4R2-S3
Juniper Networks Junos OS versions 25.2 through 25.2R1-S2, 25.2R2
Description
An improper validation of syntactic correctness of input in the IPsec library used by
kmd and iked can lead to a Denial-of-Service (DoS). An unauthenticated, network-based attacker can cause the kmd/iked process to crash and restart by sending a specifically malformed first ISAKMP packet. Repeated exploitation can result in a complete inability to establish new VPN connections.Recommendations
Update to Junos OS version 22.4R3-S9 or later.
Update to Junos OS version 23.2R2-S6 or later.
Update to Junos OS version 23.4R2-S7 or later.
Update to Junos OS version 24.2R2-S4 or later.
Update to Junos OS version 24.4R2-S3 or later.
Update to Junos OS version 25.2R1-S2 or 25.2R2 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipsec
Junos
Mx Series
Srx Series
Iked
Kmd