PT-2026-31804 · Juniper Networks · Juniper Device Manager
Published: 2026-04-09 · Updated: 2026-04-10
CVE-2026-33785
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS on MX Series: 24.4 releases before 24.4R2-S3
Juniper Networks Junos OS on MX Series: 25.2 releases before 25.2R2
Description
A Missing Authorization issue in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands, potentially leading to a complete compromise of managed devices. Any logged-in user, regardless of privileges, can issue 'request csds' CLI operational commands. These commands are intended for high-privileged users or those designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations, as they impact all aspects of the managed devices.
Recommendations
Update to Junos OS version 24.4R2-S3 or later.
Update to Junos OS version 25.2R2 or later.
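Until the update is applied, command logs can show whether the 'request csds' commands described above were run by accounts not designated for JDM/CSDS operations. The following is an added example, not part of the original advisory; it assumes interactive command logging is enabled so that Junos emits UI_CMDLINE_READ_LINE syslog events, and the allowlist, host names, user names and log lines are constructed for illustration.

```python
import re

# Junos records each CLI command as a UI_CMDLINE_READ_LINE event from mgd
# when interactive-commands logging is enabled (assumed for this example).
CMD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s+mgd\[\d+\]:\s+"
    r"UI_CMDLINE_READ_LINE:\s+User '(?P<user>[^']*)',\s+command '(?P<cmd>.*)'\s*$"
)

# Hypothetical allowlist: accounts designated for JDM/CSDS operations.
CSDS_OPERATORS = {"csds-admin"}

# Constructed sample log lines; "<args>" is a placeholder, not a real subcommand.
SAMPLE_LOG = """\
Apr 10 09:12:01 mx-edge1 mgd[4321]: UI_CMDLINE_READ_LINE: User 'readonly1', command 'show version '
Apr 10 09:12:30 mx-edge1 mgd[4321]: UI_CMDLINE_READ_LINE: User 'readonly1', command 'request csds <args> '
Apr 10 09:15:02 mx-edge1 mgd[4400]: UI_CMDLINE_READ_LINE: User 'csds-admin', command 'request csds <args> '
Apr 10 09:16:44 mx-edge1 sshd[4500]: Accepted password for readonly1 from 192.0.2.10
"""

def is_csds_request(cmd):
    """True if the logged command starts with 'request csds' (case/space tolerant)."""
    tokens = cmd.lower().split()
    return tokens[:2] == ["request", "csds"]

def find_unexpected_csds(lines, allowed_users):
    """Return 'request csds' invocations by users outside the allowlist."""
    hits = []
    for line in lines:
        m = CMD_RE.match(line)
        if not m:
            continue  # not a CLI command event
        if is_csds_request(m["cmd"]) and m["user"] not in allowed_users:
            hits.append({"time": m["ts"], "host": m["host"],
                         "user": m["user"], "command": m["cmd"].strip()})
    return hits

if __name__ == "__main__":
    for hit in find_unexpected_csds(SAMPLE_LOG.splitlines(), CSDS_OPERATORS):
        print("{time} {host}: user {user!r} ran {command!r}".format(**hit))
```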
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Connected Security Distributed Services
Juniper Device Manager
Junos
MX Series