Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Lifecycle Timeline
7DescriptionCVE.org
An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a complete Denial-of-Service (DoS).
If an affected device receives a specifically malformed first ISAKMP packet from the initiator, the kmd/iked process will crash and restart, which momentarily prevents new security associations (SAs) for from being established. Repeated exploitation of this vulnerability causes a complete inability to establish new VPN connections.
This issue affects Junos OS on
SRX Series and MX Series:
- all versions before 22.4R3-S9,
- 23.2 version before 23.2R2-S6,
- 23.4 version before 23.4R2-S7,
- 24.2 versions before 24.2R2-S4,
- 24.4 versions before 24.4R2-S3,
- 25.2 versions before 25.2R1-S2, 25.2R2.
AnalysisAI
Remote denial-of-service in Juniper Networks Junos OS (SRX/MX Series) allows unauthenticated attackers to crash IPsec daemons via malformed ISAKMP packets. Exploiting the improper input validation (CWE-1286) in kmd/iked IPsec library causes process restart, preventing new VPN security association establishment. Repeated attacks create sustained inability to establish VPN connections, severely degrading network connectivity for affected enterprise firewalls and routing platforms. No public exploit identified at time of analysis.
Technical ContextAI
Root cause: IPsec library fails to validate syntactic correctness of first ISAKMP packet from initiator (CWE-1286). Malformed packet triggers kmd/iked process crash in Junos OS IPsec implementation on SRX Series (cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*) and MX Series platforms. Attack vector network-based, requires no authentication (CVSS PR:N), low complexity (AC:L).
RemediationAI
Vendor-released patches available: upgrade to Junos OS 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R1-S2, or 25.2R2 depending on deployed release track. Prioritize patching internet-facing SRX/MX devices with active IPsec/VPN configurations. No workaround provided; mitigation requires applying vendor patches. Implement network-layer access controls to restrict ISAKMP (UDP 500/4500) traffic to trusted IPsec peers as temporary risk reduction. Review Juniper security bulletin for deployment guidance: https://kb.juniper.net/JSA107868. Validate IPsec functionality post-upgrade and monitor kmd/iked process stability.
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: acti
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote un
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21197
GHSA-q559-6pc6-gxfh