Juniper Junos OS Vulnerability (JSA107850)

🗓️ 08 Apr 2026 00:00:00Reported by TenableType

Junos OS vulnerability allows an unauthenticated adjacent attacker to reset a border gateway protocol session, causing denial of service.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-33797	9 Apr 202621:31	–	attackerkb
Circl	CVE-2026-33797	9 Apr 202618:00	–	circl
CNNVD	Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 输入验证错误漏洞	9 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33797	9 Apr 202621:31	–	cve
Cvelist	CVE-2026-33797 Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset	9 Apr 202621:31	–	cvelist
EUVD	EUVD-2026-21208	10 Apr 202600:30	–	euvd
NVD	CVE-2026-33797	9 Apr 202622:16	–	nvd
Positive Technologies	PT-2026-31808	9 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-33797	13 Apr 202619:23	–	redhatcve
Vulnrichment	CVE-2026-33797 Junos OS and Junos OS Evolved: An attacker sending a specific genuine BGP packet causes a BGP reset	9 Apr 202621:31	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 7efeb73b5c1981039decff07df22713e7eeda65293537260950f73e209a32e522a57d32e976b82919df3ea90c4a5516af20dd6f5666697bfe988e4390bbb5683ad7edd3ddd74f9090a85ca167243c9d8a3c4c02b61108b57ce7a32e3f1b06256b11d3f2955bd659e96488c1361543ee4c884834cd8f0ef39e13684bd89c94a9297d7733202ce6d0492a2cbacc1bb0fe6ef86da9bdb6436bc62aa3865467fc2df26dc3810258a296300197bb654dd9c67717101320c096d618b820cacec31aa99478ba4721b7eca62fd57557b4d08d9db0e7b5cc854a999018362676a39be28cb3f87d75145712c27f36d7fc5e92e8c47afdd5cc0bb23dc5c23004bbaf0bffbabaf602ff1c5a6ec90a0700c22c22442a6acb9bb8851d0b5f36c50b449c510e62bbf8c780244063a538e434fb64a6f95633fe9724f276344ad1b638e98757a1ec2dc4a07462fa8774dbf26e2a0e77ee47d9dfaf07b6abd9c19f1dcfafd367738603ac116114738adee863ad8edfdd4f1d99798f5a5e001c770d38244375f51af57ee6f5a753dff4978ab1171eb624c51371f58719b1b9d0d8053794adfafb0598ede71c83050b6adcd59d5c2b3ce00a64d228fb4cf8ab068dadd9ace759516690fb9a3325c0136fe982f02c31100c6e66286a2a709fc3f64da860c1faa98d45ca26c59e69c26ff9327a40e62d1d4911345e3be94e941d4d0352285b3e4d6899a46
#TRUST-RSA-SHA256 6862938283f2a462c33d3dca1c50b280a7118541d02403de2a039c692c6b831bd913a097e120e1b77472dc9929d44ee58569f94e0cca7c0ebf878361873eef9b61a39b8e0c0951127124809f2b5bd03ee3b6d6c4a0e62469b545416d5e40a53ee84a3799cb46258a162c1815a0232c6e982cad9efafd19c0b2a0d00acb0ccf7d5e2ba93c860e95b2f5fca6d3cb3db16bda56a97f1c2f294053e2f80a3e7ed8284f15a8b3729e83aff94836310cde14a89d3241c574c0b927d2123f44265a1ecfec9818e748dafb432f5a2b72b61673024ab5309a3cb07ddadf089f1aba63f481e575697810deda3b31e6940e0c31bc704039bcaaee2bb1dd416fe11f452834cae721b71322de621590b820d3184141ac94a21c244e8d4f8518ad234532ca911289582e0a8eeea3ab31a9922e9d78db52265154baaa365b7bbbae225e8183cb8a12efe3d3780f7031d51560f192a2a183274b9d34b4ec65b3d3504f30dd8375401a1b7ada5bcc793097438e8f4d6e107267ce179ceb559b9e2724e0bce5b18f5d06aa26767418ccf32978cc6e6468617a849e7ea8b53a35fbcb23bbf042997dbe3aea4a262d2b2b2b91313f6e407685bccd5fa544143c82634e6c863cabdd6f7cea5defb796b7f8b9b24122365eb26b3c5576734b2b155d277d7bcbee1baddd97c031571023746df36a7a88069d17415096646aef0a8f8c32f5c64301e2018829
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(305584);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/05");

  script_cve_id("CVE-2026-33797");
  script_xref(name:"JSA", value:"JSA107850");
  script_xref(name:"IAVA", value:"2026-A-0314");

  script_name(english:"Juniper Junos OS Vulnerability (JSA107850)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107850
advisory.

  - An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an
    unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP
    session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the
    packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2
    This issue does not affect Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: *
    25.2-EVO versions before 25.2R2-EVO This issue does not affect Junos OS Evolved versions before
    25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected. (CVE-2026-33797)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-a-specific-genuine-BGP-packet-causes-a-BGP-reset-CVE-2026-33797
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f42569b");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA107850");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:A/V:C/RE:M/U:Green");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33797");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/08");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'25.2R1', 'fixed_ver':'25.2R2', 'fixed_display':'25.2R2 or 25.4R1'},
  {'min_ver':'25.2R1-EVO', 'fixed_ver':'25.2R2-EVO', 'fixed_display':'25.2R2-EVO or 25.4R1-EVO'}
];

var override = TRUE;
var buf1 = junos_command_kb_item(cmd:'show configuration | display set');
if (buf1)
{
  var conf1 = !junos_check_config(buf:buf1, pattern:"^set .*protocols bgp group \S+ neighbor");
  if (conf1)
    audit(AUDIT_OS_CONF_NOT_VULN, 'Junos OS');
  override = FALSE;
}

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix))
  audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

05 May 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 47.1

CVSS 3.17.4

EPSS0.00039

SSVC