CVE-2026-33797

HIGH

7.4

Descricao

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected.

Detalhes CVE

Pontuacao CVSS v3.17.4

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vetor de ataqueADJACENT_NETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado4/9/2026

Ultima modificacao4/23/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

juniper:junosjuniper:junos_os_evolved

Fraquezas (CWE)

CWE-20

Referencias

https://kb.juniper.net/JSA107850(sirt@juniper.net)

https://supportportal.juniper.net/JSA107850(sirt@juniper.net)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.