Juniper Junos OS Vulnerability (JSA107870)

🗓️ 08 Apr 2026 00:00:00Reported by TenableType

Junos Operating System on PTX Series vulnerable to function call with wrong argument type causing denial of service.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-33783	9 Apr 202621:36	–	attackerkb
Circl	CVE-2026-33783	9 Apr 202618:00	–	circl
CNNVD	Juniper Networks Junos OS Evolved 安全漏洞	9 Apr 202600:00	–	cnnvd
CVE	CVE-2026-33783	9 Apr 202621:36	–	cve
Cvelist	CVE-2026-33783 Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes	9 Apr 202621:36	–	cvelist
EUVD	EUVD-2026-21201	10 Apr 202600:30	–	euvd
NVD	CVE-2026-33783	9 Apr 202622:16	–	nvd
Positive Technologies	PT-2026-31802	9 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-33783	13 Apr 202619:23	–	redhatcve
Vulnrichment	CVE-2026-33783 Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes	9 Apr 202621:36	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 4eecfc4ef5ee21c5b684ec8500c07993e345181730e7ae785a2db52564eab5115708a755fc995ed694961b1d3b5ac824585dfa528876932327a976180e069247e1e079f821c4575ae6a57d1c58d4f6be145939d00b6f17562d4e9bb50d305880e218230cf6ad44c905d32c671df2c28c78fa5031dcf51ab28819a04d1106aacfc06fa69d7f2f15454098709e64b8aa6d70a86fa7b00f1b3372211d54459a6ebca12bd181d1f9b6d1ec464959fde86601a9ff2a40525091ca300dd4a9b44382fe12768c981d0801b5b9528b7f8f8612495dc85d03ce9ae8c99e390794e3e5b8a0f4af1f0ee79671058d757ff7791558b5ad846c35840444cbc5a7f5cd905ff8f60040c7f6ebafdb82b3b8a9f745ade362a2dbd9f00ce49bd929ac535b2df041e9781b9f7341cdf5947bcb0d8630d19808601d6d2ee0ecf56baa12f8bd0a1a943cb04e7ad18084c91dee8530e8f0eaf2d787c177c60f2bf605fcfc9f040b3a1de6966b7509aaca7853be096d0eba0cd30fb9d9fe88c5c716dd47bdbee48e0529110271c0cbae53e7484ad8d8490328626fd6f25a23119dffa5a50672fa056551ed5af88907e69e855f979f7df6133f412f03ac997f5e9ac7fc54f412ce84fee55f7128433e5e365257d4b954442fd889230e475aaf7e30d6a7d6d1bc90afa92876718f6c12f76da3d54acaf5102e341f67e86a86ce5942ee8483d0a69ca3408a77
#TRUST-RSA-SHA256 a6d542f71531362a21c98001094e3e59a0e61a55bcd806aeeb56c065a90608383e61996b441c41e2b245987cbd088e5aa34140734fa8d809391d398fe20f54bbee9e89dd0fbfbf954a8110015d7afb9aaa59eac15157809b343193e0e45f2f468dab1656aac65dd42a1d133478cfc8305882c9cf169a4c99c5fee8e2568fed140ea02a93ea680e437546a0fb655fef83569b52ef392aab9eb55e34044ec41d799774979dac09404003931bb5d80bf0ccd26b719fade49c4c8c0ce9e2ccea6f1d6cdc978fb147c95308217ea3cc6f090d28afb62d95d0303d00274637f68e314c3b09f2f8077f57b8830fffc87a914620a19a6da279b717b82bf35c4e97d3f93cdea3e6e71ee64b14b6ecfe9338941393e7f02b93b40f95fcf68328953deb1ec492b52522ce67e7a09cb166ddebe7d41b14d33319baeba9745c8ac385cc42ed7630f85a801e8767cae5a6befa9383fb19347bca46dddb4a240e83a347e47623039fa26b4b9ec6d649c64bf9dad89304c931a26d72adbe1dc5eac0557573db328601a931bc403a389105087d8a261fa4ea23706bb4c29734ca9909daf67897987edc95d6070fcedeb8d0728ff495aca050ec6a4a1220198b4542be539ce92707546dd971951161e305fd27ba161aeab2388c2019cf88278d5174e30c337022d481cb7e1da7aeb55a4f251a547a016266ae4aa65d6e44c4082804e03e5e3d6d3827
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
# This file was created in whole or in part by AI.
##

include('compat.inc');

if (description)
{
  script_id(305593);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/10");

  script_cve_id("CVE-2026-33783");
  script_xref(name:"JSA", value:"JSA107870");
  script_xref(name:"IAVA", value:"2026-A-0314");

  script_name(english:"Juniper Junos OS Vulnerability (JSA107870)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107870
advisory.

  - A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks
    Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause
    a complete Denial of Service (DoS). (CVE-2026-33783)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-Evolved-PTX-Series-If-SRTE-tunnels-provisioned-via-PCEP-are-present-and-specific-gRPC-queries-are-received-evo-aftman-crashes-CVE-2026-33783
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1c524125");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA107870");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:U/RE:M");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33783");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/08");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^PTX")
{
  audit(AUDIT_DEVICE_NOT_VULN, model);
}

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'23.2-EVO', 'fixed_ver':'23.2R2-S6-EVO', 'model':'^PTX'},
  {'min_ver':'23.4-EVO', 'fixed_ver':'23.4R2-S7-EVO', 'model':'^PTX'},
  {'min_ver':'24.2-EVO', 'fixed_ver':'24.2R2-S4-EVO', 'model':'^PTX'},
  {'min_ver':'24.4-EVO', 'fixed_ver':'24.4R2-S2-EVO', 'model':'^PTX'},
  {'min_ver':'25.2-EVO', 'fixed_ver':'25.2R1-S2-EVO', 'model':'^PTX', 'fixed_display':'25.2R1-S2-EVO, 25.2R2-EVO'}
];

var override = TRUE;
var buf1 = junos_command_kb_item(cmd:'show configuration | display set');
if (buf1)
{
  var conf1 = !junos_check_config(buf:buf1, pattern:"^set .*protocols source-packet-routing telemetry statistics per-source per-segment-list");
  if (conf1)
    audit(AUDIT_OS_CONF_NOT_VULN, 'Junos OS');
  override = FALSE;
}

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

10 Apr 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5

CVSS 47.1

EPSS0.00062

SSVC