Skip to main content

Junos OS EUVDEUVD-2026-42723

| CVE-2026-57032 HIGH
Improper Handling of Undefined Parameters (CWE-236)
2026-07-09 juniper GHSA-hp6x-whrh-rg9m
7.1
CVSS 4.0 · Vendor: juniper
Share

Severity by source

Vendor (juniper) PRIMARY
7.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
vuln.today AI
6.5 MEDIUM

Network-reachable gRPC telemetry with only a low-privilege account (PR:L) and no user interaction crashes the FPC for availability-only impact (A:H); no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (juniper).

CVSS VectorVendor: juniper

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 09, 2026 - 23:02 EUVD
Analysis Generated
Jul 09, 2026 - 22:28 vuln.today
Severity Changed
Jul 09, 2026 - 22:22 NVD
MEDIUM HIGH
CVSS changed
Jul 09, 2026 - 22:22 NVD
6.5 (MEDIUM) 7.1 (HIGH)

DescriptionCVE.org

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service (DoS).

If an attempt is made to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100 and EX4400 via gRPC, this causes the FPC to crash. This leads to a complete service outage until the module has automatically restarted.

The following log message can be seen when this issue happens:

agentd[<PID>]: AGENTD_RESOURCE_NOT_FOUND: No resource name found for <sensor>

This issue affects Junos OS on

EX2300, EX3400, EX4000, EX4100 and EX4400

devices:

  • all versions before 23.2R2-S7,
  • 23.4 versions before 23.4R2-S8,
  • 24.2 versions before 24.2R2-S5,
  • 24.4 versions before 24.4R2.

AnalysisAI

Denial-of-service in Juniper Networks Junos OS on EX Series switches (EX2300, EX3400, EX4000, EX4100, EX4400) lets a low-privileged authenticated attacker crash the Flexible PIC Concentrator (FPC) by subscribing over gRPC to an unsupported telemetry sensor path in the packet forwarding engine. Each crash produces a complete forwarding outage until the module auto-restarts, and the trigger can be repeated for sustained disruption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege management access
Delivery
Reach gRPC/gNMI telemetry service
Exploit
Subscribe to unsupported pfe sensor path
Execution
Trigger undefined-parameter fault in agentd
Persist
Crash FPC and drop forwarding
Impact
Repeat to sustain outage

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target be an EX2300, EX3400, EX4000, EX4100 or EX4400 running an affected Junos OS release with the Junos Telemetry Interface / gRPC (gNMI) streaming service reachable, and the attacker must hold a low-privilege authenticated account able to open a gRPC telemetry subscription (CVSS PR:L confirms authentication is needed; not exploitable unauthenticated). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score is 7.1 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N and impact confined to availability (VA:H, SA:L; VC:N/VI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding a low-privilege authenticated foothold on the switch's management plane - or on a monitoring host permitted to reach the gRPC endpoint - opens a telemetry subscription to a sensor path that the EX platform does not support. The malformed/undefined path resolution crashes the FPC and drops the switch's forwarding for the duration of the auto-restart, and the attacker scripts repeated subscriptions to keep the device offline. …
Remediation Vendor-released patch: upgrade Junos OS to a fixed release for the affected EX Series switches - 23.2R2-S7 or later, 23.4R2-S8 or later, 24.2R2-S5 or later, or 24.4R2 or later (per Juniper advisory JSA110092, https://supportportal.juniper.net/JSA110092). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all affected EX Series switch models (EX2300, EX3400, EX4000, EX4100, EX4400) in production; restrict gRPC telemetry endpoint access via administrative ACLs and firewall rules to authorized management networks only; disable non-essential telemetry subscriptions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57026 HIGH
8.7 Jul 09

Denial-of-service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series devices allows an unauthenticated

CVE-2026-57023 HIGH
8.7 Jul 09

Remote denial of service in Juniper Networks Junos OS on MX Series (with SPC3) and SRX Series firewalls lets an unauthen

CVE-2026-57022 HIGH
8.2 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Junos OS on MX (with SPC3) and SRX-series firewalls l

CVE-2026-57030 HIGH
8.2 Jul 09

Denial-of-service in Juniper Networks Junos OS on SRX Series devices lets an unauthenticated, network-based attacker exh

CVE-2026-57027 HIGH
7.1 Jul 09

Denial-of-service in Juniper Junos OS on EX4100 and EX4400 Series switches allows an unauthenticated adjacent attacker t

CVE-2026-57020 HIGH
7.1 Jul 09

Denial-of-service in Juniper Networks Junos OS on QFX10000 Series switches allows an unauthenticated, adjacent (Layer 2)

CVE-2026-57019 HIGH
7.1 Jul 09

Denial-of-service in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series routers lets an unauth

CVE-2026-57021 MEDIUM
6.9 Jul 09

Out-of-bounds write in the Juniper Networks Junos OS http-gatekeeper (http-gk) process on SRX Series firewalls crashes t

CVE-2026-57024 MEDIUM
6.9 Jul 09

Repeated IKE negotiation failures on Juniper Junos OS (MX with SPC3 and SRX Series) cause a peer index rollover that ass

CVE-2026-57054 MEDIUM
6.9 Jul 09

Web filtering bypass on Juniper Networks Junos OS MX Series exposes downstream resources to unauthenticated network atta

CVE-2026-57025 MEDIUM
6.8 Jul 09

Denial-of-service in Juniper Networks Junos OS and Junos OS Evolved on EX Series, QFX Series, and MX Series allows a loc

CVE-2026-33802 MEDIUM
6.8 Jul 09

Junos OS on Juniper EX Series access switches exposes a missing authorization flaw in the CLI that allows any locally au

Share

EUVD-2026-42723 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy