{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33783", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.669Z", "datePublished": "2026-04-09T21:36:13.503Z", "dateUpdated": "2026-04-09T21:36:13.503Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["PTX Series"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.4R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "23.2R2-S6-EVO", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S7-EVO", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S4-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-S2-EVO", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S2-EVO, 25.2R2-EVO", "status": "affected", "version": "25.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this issue a device needs to be configured with SR specific telemetry statistics:<br><br><tt>[ protocols source-packet-routing telemetry statistics per-source per-segment-list ]</tt>"}], "value": "To be exposed to this issue a device needs to be configured with SR specific telemetry statistics:\n\n[ protocols source-packet-routing telemetry statistics per-source per-segment-list ]"}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).<br><br><br>If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.<br><br><br>This issue affects Junos OS Evolved on PTX Series:&nbsp;<p></p><p></p><ul><li>all versions before 22.4R3-S9-EVO,</li><li>23.2 versions before 23.2R2-S6-EVO,</li><li>23.4 versions before 23.4R2-S7-EVO,</li><li>24.2 versions before 24.2R2-S4-EVO,</li><li>24.4 versions before 24.4R2-S2-EVO,</li><li>25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.</li></ul><p></p><p><br></p>"}], "value": "A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).\n\n\nIf colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.\n\n\nThis issue affects Junos OS Evolved on PTX Series:\u00a0\n\n\n\n * all versions before 22.4R3-S9-EVO,\n * 23.2 versions before 23.2R2-S6-EVO,\n * 23.4 versions before 23.4R2-S7-EVO,\n * 24.2 versions before 24.2R2-S4-EVO,\n * 24.4 versions before 24.4R2-S2-EVO,\n * 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-686", "description": "CWE-686 Function Call With Incorrect Argument Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:36:13.503Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107870"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S9-EVO, 23.2R2-S6-EVO, 23.4R2-S7-EVO, 24.2R2-S4-EVO, 24.4R2-S2-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S9-EVO, 23.2R2-S6-EVO, 23.4R2-S7-EVO, 24.2R2-S4-EVO, 24.4R2-S2-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA107870", "defect": ["1894533"], "discovery": "USER"}, "title": "Junos OS Evolved: PTX Series: If SRTE tunnels provisioned via PCEP are present and specific gRPC queries are received evo-aftmand crashes", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Configure the Originator ASN with a value of less than 65,535 (16-bit ASN)."}], "value": "Configure the Originator ASN with a value of less than 65,535 (16-bit ASN)."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS).\n\n\nIf colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.\n\n\nThis issue affects Junos OS Evolved on PTX Series:\u00a0\n\n\n\n * all versions before 22.4R3-S9-EVO,\n * 23.2 versions before 23.2R2-S6-EVO,\n * 23.4 versions before 23.4R2-S7-EVO,\n * 24.2 versions before 24.2R2-S4-EVO,\n * 24.4 versions before 24.4R2-S2-EVO,\n * 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO."}], "id": "CVE-2026-33783", "lastModified": "2026-04-09T22:16:27.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:27.590", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA107870"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-686"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,22.4R3-S9-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[23.2,23.2R2-S6-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[23.4,23.4R2-S7-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.2,24.2R2-S4-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2-S2-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R1-S2-EVO)"}}, {"platform": ["ptx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2-EVO)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS Evolved", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os_evolved", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T23:25:16.429132+00:00", "value": {"mitigation_remediation": ["Apply an updated Junos OS Evolved release starting with 22.4R3\u2011S9\u2011EVO.", "If an upgrade is not immediately possible, set the Originator ASN value to less than 65,535 to satisfy the workaround.", "Verify that the evo\u2011aftmand process is running after any change; if it remains unresponsive, reboot the device.", "Monitor PCEP sessions and gRPC traffic for anomalous originator ASN values.", "Ensure the network device is protected with appropriate access controls to limit authenticated low\u2011privilege access."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected systems are Juniper Networks Junos OS Evolved running on PTX Series devices. The vulnerability is present in all releases before 22.4R3\u2011S9\u2011EVO, before 23.2R2\u2011S6\u2011EVO, before 23.4R2\u2011S7\u2011EVO, before 24.2R2\u2011S4\u2011EVO, before 24.4R2\u2011S2\u2011EVO, and before 25.2R1\u2011S2\u2011EVO; all later releases address the issue.", "description_and_impact": "The vulnerability is a Function Call With Incorrect Argument Type in the sensor interface of Junos OS Evolved. When SRTE policy tunnels are provisioned via PCEP and a gRPC query is received, the evo-aftmand process crashes and does not automatically restart, causing a persistent denial of service. An attacker who has authenticated network access with low privileges can trigger the crash by sending gRPC traffic that includes an Originator ASN value larger than 65,535. The resulting service disruption requires a manual reboot to recover, affecting traffic monitoring and overall network operation. The weakness is classified as CWE\u2011686, indicating a function call with an incorrect argument type.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a moderate to high impact, while the EPSS score is not available and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires an authenticated attacker with low privileges who can interact with the router\u2019s PCEP and gRPC interfaces; the attack vector is therefore likely network-based and necessitates some level of internal access. Given the impact on service continuity, the risk to organizations deploying the affected Junos OS Evolved versions is significant, especially in environments where SRTE tunnels are used."}}}}, "created": "2026-04-10T08:36:54.411688+00:00", "updated": "2026-04-10T09:27:52.083624+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os_evolved"]}