{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33785", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.670Z", "datePublished": "2026-04-09T21:37:04.370Z", "dateUpdated": "2026-04-09T21:37:04.370Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "24.4R2-S3", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}, {"lessThan": "24.4R1", "status": "unaffected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The MX Series device needs to be configured for JNU as follows:<br><br><tt>[ chassis jnu-management ]</tt>"}], "value": "The MX Series device needs to be configured for JNU as follows:\n\n[ chassis jnu-management ]"}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.<br><br>Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.<br><br><p>This issue affects Junos OS on MX Series:</p><p></p><ul><li>24.4 releases before 24.4R2-S3,&nbsp;</li><li>25.2 releases before 25.2R2.</li></ul><p></p><p>This issue does not affect Junos OS releases before 24.4.</p>"}], "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.\n\nAny user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * 24.4 releases before 24.4R2-S3,\u00a0\n * 25.2 releases before 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:Y/R:U/RE:M", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:37:04.370Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107872"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA107872", "defect": ["1914935"], "discovery": "INTERNAL"}, "title": "Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br><br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Utilize CLI authorization to disallow execution of the '</span><span style=\"background-color: rgb(255, 255, 255);\">request csds'</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;commands.</span>\n\n<br>"}], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\n\n\nUtilize CLI authorization to disallow execution of the 'request csds'\u00a0commands."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices.\n\nAny user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.\n\nThis issue affects Junos OS on MX Series:\n\n\n\n * 24.4 releases before 24.4R2-S3,\u00a0\n * 25.2 releases before 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4."}], "id": "CVE-2026-33785", "lastModified": "2026-04-09T22:16:27.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:27.987", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107872"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["mx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2-S3)"}}, {"platform": ["mx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2)"}}, {"platform": ["mx_series"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,24.4R1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T23:24:33.794035+00:00", "value": {"mitigation_remediation": ["Apply the latest vendor patch for Junos OS: 24.4R2-S3, 25.2R2, 25.4R1, or any newer releases.", "If patching is not immediately possible, restrict CLI access to trusted hosts and administrators using access lists or firewall filters.", "Configure CLI authorization to disallow execution of 'request csds' commands for low\u2011privileged users."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation Leading to Full Device Compromise"}, "threat_synthesis": {"affected_systems": "The issue impacts Juniper Networks Junos OS on MX Series routers. Versions affected are 24.4 releases before 24.4R2-S3 and 25.2 releases before 25.2R2. Releases before 24.4 are not affected.", "description_and_impact": "The vulnerability is a missing authorization flaw in the Juniper Junos OS CLI on MX Series routers. It allows a local, authenticated user with low privileges to issue the 'request csds' commands. These commands are intended only for high privileged users or those designated for Juniper Device Manager (JDM) or Connected Security Distributed Services (CSDS) operations. Abuse of this flaw can result in a complete compromise of the managed device, affecting confidentiality, integrity and availability of the device and potentially all clients connected to it. The weakness is identified as a Missing Permissions vulnerability, CWE-862.", "risk_and_exploitability": "The CVSS base score is 6.3, indicating medium severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local authenticated access; any user logged into the device with low privileges can invoke the vulnerable commands, making exploitation trivial for an insider or an attacker who has obtained legitimate credentials. The risk is significant as the attacker can gain full control of the device."}}}}, "created": "2026-04-10T08:36:52.508989+00:00", "updated": "2026-04-10T09:27:49.699055+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}