{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33786", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.670Z", "datePublished": "2026-04-09T21:28:29.648Z", "dateUpdated": "2026-04-09T21:28:29.648Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["SRX1600", "SRX2300", "SRX4300"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "24.4R1-S3, 24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}]}], "datePublic": "2026-04-08T08:21:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).<br><br>When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.<br><br><p>This issue affects Junos OS on SRX1600, SRX2300 and SRX4300:</p><p></p><ul><li>24.4 versions before 24.4R1-S3, 24.4R2.</li></ul>This issue does not affect Junos OS versions before 24.4R1.<p></p>"}], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).\n\nWhen a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.\n\nThis issue affects Junos OS on SRX1600, SRX2300 and SRX4300:\n\n\n\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nThis issue does not affect Junos OS versions before 24.4R1."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:28:29.648Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107810"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.<br>"}], "value": "The following software releases have been updated to resolve this specific issue: 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."}], "source": {"advisory": "JSA107810", "defect": ["1869996"], "discovery": "INTERNAL"}, "title": "Junos OS: SRX1600, SRX2300, SRX4300: When a specific show command is executed chassisd crashes", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.<br><br>Utilize CLI authorization to disallow execution of the 'show chassis' command.<br>"}], "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the 'show chassis' command."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).\n\nWhen a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.\n\nThis issue affects Junos OS on SRX1600, SRX2300 and SRX4300:\n\n\n\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nThis issue does not affect Junos OS versions before 24.4R1."}], "id": "CVE-2026-33786", "lastModified": "2026-04-09T22:16:28.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:28.193", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107810"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["srx1600", "srx2300", "srx4300"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R1-S3)"}}, {"platform": ["srx1600", "srx2300", "srx4300"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T22:22:02.977892+00:00", "value": {"mitigation_remediation": ["Upgrade Junos OS to a fixed release (24.4R1\u2011S3, 24.4R2, 25.2R1 or later).", "If a patch cannot be applied immediately, limit CLI access to trusted hosts and administrators by configuring access lists or firewall filters.", "Disable the 'show chassis' command for non\u2011privileged users using CLI authorization.", "Monitor the device for attempts to execute the vulnerable command and verify that the firmware has been updated."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Juniper Networks Junos OS running on SRX1600, SRX2300 and SRX4300 platforms. Versions of Junos OS prior to 24.4R1-S3 and 24.4R2 are impacted; any releases 24.4R1-S3, 24.4R2, 25.2R1 or later address the issue. Earlier Junos OS releases before 24.4R1 are not affected.", "description_and_impact": "An improper check for unusual or exceptional conditions in the chassis control daemon (chassisd) allows a local attacker with low privileges to execute a specific 'show chassis' command that causes the daemon to crash and restart. The crash results in a momentary loss of all network traffic until the system fully recovers, effectively creating a denial of service. The weakness is identified as CWE-754, a type of improper resource handling problem.", "risk_and_exploitability": "The CVSS score of 6.8 classifies this as a moderate severity vulnerability. No EPSS score is available, and it is not listed in CISA\u2019s KEV catalog. The attack vector is local, requiring the attacker to have low\u2011privilege access to the device\u2019s command line. Once the vulnerable command is executed, the impact is immediate and affects the entire device\u2019s operation. The lack of an EPSS score means typical exploitation likelihood cannot be quantified, but the moderate score and local nature suggest that an attacker who has gained foothold on the device could reliably cause a denial of service."}}}}, "created": "2026-04-10T08:37:09.166204+00:00", "updated": "2026-04-10T09:28:14.220868+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}