Skip to main content

Junos OS iked CVE-2026-57024

| EUVDEUVD-2026-42712 MEDIUM
Use of Multiple Resources with Duplicate Identifier (CWE-694)
2026-07-09 juniper GHSA-m4xf-x7w2-qgfq
6.9
CVSS 4.0 · Vendor: juniper
Share

Severity by source

Vendor (juniper) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
vuln.today AI
5.9 MEDIUM

AC:H reflects that rollover requires sustained high-volume failed negotiations; A:H reflects mandatory reboot to restore service, not limited degradation.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (juniper).

CVSS VectorVendor: juniper

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 09, 2026 - 23:02 EUVD
CVSS changed
Jul 09, 2026 - 22:22 NVD
5.3 (MEDIUM) 6.9 (MEDIUM)
Analysis Generated
Jul 09, 2026 - 22:19 vuln.today

DescriptionCVE.org

A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.

To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:

user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S3,
  • 24.4 versions before 24.4R2-S4,
  • 25.2 versions before 25.2R1-S1.

AnalysisAI

Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that assigns duplicate index values to new peers, triggering continuous iked process crashes and a full VPN service outage requiring system reboot. Unauthenticated network-based attackers can deliberately flood the device with failing VPN negotiations to accelerate the rollover condition. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify internet-facing SRX/MX-SPC3 VPN gateway running iked
Delivery
Flood device with rejected IKE negotiation attempts
Exploit
Exhaust peer index pool through sustained failures
Install
Trigger peer index integer rollover
C2
Duplicate index assigned to new peer entry
Execute
iked process crashes repeatedly
Impact
Full system reboot required to restore VPN service

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the target device must be a Juniper MX with SPC3 or SRX Series running Junos OS in a vulnerable version range; (2) the device must be configured for VPN service with the iked process active - operators can confirm this with 'show system processes extensive | match IKED'; and (3) a large number of VPN negotiation failures must occur, either organically (misconfigured peers over time) or induced by an attacker flooding the device with rejected IKE attempts over an extended period. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) uses Availability:Low, which appears understated given that recovery explicitly requires a full system reboot - not merely restarting a process. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker on the internet sends a sustained flood of malformed or intentionally rejected IKE negotiation attempts to UDP/500 on an internet-facing SRX or MX-SPC3 gateway running iked. Over an extended period, the volume of failed negotiations exhausts the peer index pool, causing a rollover. …
Remediation Upgrade to a fixed Junos OS release: 23.2R2-S7 or later, 23.4R2-S6 or later, 24.2R2-S3 or later, 24.4R2-S4 or later, or 25.2R1-S1 or later, per the Juniper advisory at https://supportportal.juniper.net/JSA110084. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57026 HIGH
8.7 Jul 09

Denial-of-service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series devices allows an unauthenticated

CVE-2026-57023 HIGH
8.7 Jul 09

Remote denial of service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series firewalls lets an unauthen

CVE-2026-57022 HIGH
8.2 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls l

CVE-2026-57030 HIGH
8.2 Jul 09

Denial-of-service in Juniper Networks Junos OS on SRX Series devices lets an unauthenticated, network-based attacker exh

CVE-2026-57032 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on EX Series switches (EX2300, EX3400, EX4000, EX4100, EX4400) lets a low

CVE-2026-57027 HIGH
7.1 Jul 09

Denial-of-service in Juniper Junos OS on EX4100 and EX4400 Series switches allows an unauthenticated adjacent attacker t

CVE-2026-57020 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2)

CVE-2026-57019 HIGH
7.1 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series routers lets an unauth

CVE-2026-57021 MEDIUM
6.9 Jul 09

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes t

CVE-2026-57054 MEDIUM
6.9 Jul 09

Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network atta

CVE-2026-57025 MEDIUM
6.8 Jul 09

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a loc

CVE-2026-33802 MEDIUM
6.8 Jul 09

Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally au

Share

CVE-2026-57024 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy