CVE-2026-33779 - Vulnerability Details

An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it.

When an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information.

This issue affects Junos OS:
* all versions before 22.4R3-S9,
* 23.2 versions before 23.2R2-S6,
* 23.4 versions before 23.4R2-S7,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R1-S2, 25.2R2.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

unaffected

Version	Status	Constraints
`0`	affected	< 22.4R3-S9
`23.2`	affected	< 23.2R2-S6
`23.4`	affected	< 23.4R2-S7
`24.2`	affected	< 24.2R2-S3
`24.4`	affected	< 24.4R2-S2
`25.2`	affected	< 25.2R1-S2, 25.2R2

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s4::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s5::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s5::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s6::::::
	cpe:2.3:o:juniper:junos:24.2:-::::::
	cpe:2.3:o:juniper:junos:24.2:r1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:24.2:r2::::::
	cpe:2.3:o:juniper:junos:24.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:24.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:24.4:-::::::
	cpe:2.3:o:juniper:junos:24.4:r1::::::
	cpe:2.3:o:juniper:junos:24.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:24.4:r1-s3::::::
	cpe:2.3:o:juniper:junos:24.4:r2::::::
	cpe:2.3:o:juniper:junos:24.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:25.2:-::::::
	cpe:2.3:o:juniper:junos:25.2:r1::::::
	cpe:2.3:o:juniper:junos:25.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:25.2:r2::::::

OR	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4120:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Juniper Networks Subscribe	Junos Os Subscribe

Project Subscriptions

Vendors	Products
Juniper Subscribe	Junos Subscribe Srx1500 Subscribe Srx1600 Subscribe Srx2300 Subscribe Srx300 Subscribe Srx320 Subscribe Srx340 Subscribe Srx345 Subscribe Srx380 Subscribe Srx4100 Subscribe Srx4120 Subscribe Srx4200 Subscribe Srx4300 Subscribe Srx4600 Subscribe Srx4700 Subscribe Srx5400 Subscribe Srx5600 Subscribe Srx5800 Subscribe
Juniper Networks Subscribe	Junos Os Subscribe

Advisories

No advisories yet.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.

Workaround

There are no known workarounds for this issue.

References

Link	Providers
https://kb.juniper.net/JSA107823

History

Fri, 17 Apr 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800
CPEs		cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4120:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r3-s2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s3:::::: cpe:2.3:o:juniper:junos:22.4:r3-s4:::::: cpe:2.3:o:juniper:junos:22.4:r3-s5:::::: cpe:2.3:o:juniper:junos:22.4:r3-s6:::::: cpe:2.3:o:juniper:junos:22.4:r3-s7:::::: cpe:2.3:o:juniper:junos:22.4:r3-s8:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s2:::::: cpe:2.3:o:juniper:junos:23.2:r2-s3:::::: cpe:2.3:o:juniper:junos:23.2:r2-s4:::::: cpe:2.3:o:juniper:junos:23.2:r2-s5:::::: cpe:2.3:o:juniper:junos:23.2:r2:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s2:::::: cpe:2.3:o:juniper:junos:23.4:r2-s3:::::: cpe:2.3:o:juniper:junos:23.4:r2-s4:::::: cpe:2.3:o:juniper:junos:23.4:r2-s5:::::: cpe:2.3:o:juniper:junos:23.4:r2-s6:::::: cpe:2.3:o:juniper:junos:23.4:r2:::::: cpe:2.3:o:juniper:junos:24.2:-:::::: cpe:2.3:o:juniper:junos:24.2:r1-s1:::::: cpe:2.3:o:juniper:junos:24.2:r1-s2:::::: cpe:2.3:o:juniper:junos:24.2:r1:::::: cpe:2.3:o:juniper:junos:24.2:r2-s1:::::: cpe:2.3:o:juniper:junos:24.2:r2-s2:::::: cpe:2.3:o:juniper:junos:24.2:r2:::::: cpe:2.3:o:juniper:junos:24.4:-:::::: cpe:2.3:o:juniper:junos:24.4:r1-s2:::::: cpe:2.3:o:juniper:junos:24.4:r1-s3:::::: cpe:2.3:o:juniper:junos:24.4:r1:::::: cpe:2.3:o:juniper:junos:24.4:r2-s1:::::: cpe:2.3:o:juniper:junos:24.4:r2:::::: cpe:2.3:o:juniper:junos:25.2:-:::::: cpe:2.3:o:juniper:junos:25.2:r1-s1:::::: cpe:2.3:o:juniper:junos:25.2:r1:::::: cpe:2.3:o:juniper:junos:25.2:r2::::::
Vendors & Products		Juniper Juniper junos Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800

Mon, 13 Apr 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Networks Juniper Networks junos Os
Vendors & Products		Juniper Networks Juniper Networks junos Os

Thu, 09 Apr 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S9, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2.
Title		Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication
Weaknesses		CWE-296
References		https://kb.juniper.net/JSA107823
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N'}` cvssV4_0 `{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2026-04-09T21:30:56.635Z

Updated: 2026-04-13T18:06:19.571Z

Reserved: 2026-03-23T19:46:13.669Z

Link: CVE-2026-33779

Vulnrichment

Updated: 2026-04-13T17:58:34.324Z

NVD

Status : Analyzed

Published: 2026-04-09T22:16:26.720

Modified: 2026-04-17T17:21:52.403

Link: CVE-2026-33779

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:59Z

Weaknesses

CWE-296

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object