{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33781", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-03-23T19:46:13.669Z", "datePublished": "2026-04-09T21:35:48.123Z", "dateUpdated": "2026-04-10T14:10:08.812Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["EX Series", "QFX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S1, 25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}, {"lessThan": "24.4R1", "status": "unaffected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).<br><br></span>On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.<p>This issue affects Junos OS:</p><p></p><ul><li>24.4 releases before 24.4R2,</li><li>25.2 releases before 25.2R1-S1, 25.2R2.</li></ul><p></p><p>This issue does not affect Junos OS releases before 24.4R1.</p>"}], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n * 24.4 releases before 24.4R2,\n * 25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:35:48.123Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA107869"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA107869", "defect": ["1895370"], "discovery": "USER"}, "title": "Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">To prevent VSTP BPDUs from being processed on UNI interfaces c</span>onfigure:<br><br><tt>[ protocols layer2-control bpdu-block interface all drop ]</tt>"}], "value": "To prevent VSTP BPDUs from being processed on UNI interfaces configure:\n\n[ protocols layer2-control bpdu-block interface all drop ]"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T14:09:58.383485Z", "id": "CVE-2026-33781", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:10:08.812Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33781", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T14:09:58.383485Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:10:03.940Z"}}], "cna": {"title": "Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed", "source": {"defect": ["1895370"], "advisory": "JSA107869", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "24.4", "lessThan": "24.4R2", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S1, 25.2R2", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "24.4R1", "versionType": "semver"}], "platforms": ["EX Series", "QFX Series"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2026-04-08T16:00:00.000Z", "references": [{"url": "https://kb.juniper.net/JSA107869", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "To prevent VSTP BPDUs from being processed on UNI interfaces configure:\n\n[ protocols layer2-control bpdu-block interface all drop ]", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">To prevent VSTP BPDUs from being processed on UNI interfaces c</span>onfigure:<br><br><tt>[ protocols layer2-control bpdu-block interface all drop ]</tt>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n * 24.4 releases before 24.4R2,\n * 25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).<br><br></span>On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.<p>This issue affects Junos OS:</p><p></p><ul><li>24.4 releases before 24.4R2,</li><li>25.2 releases before 25.2R1-S1, 25.2R2.</li></ul><p></p><p>This issue does not affect Junos OS releases before 24.4R1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:35:48.123Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33781", "state": "PUBLISHED", "dateUpdated": "2026-04-10T14:10:08.812Z", "dateReserved": "2026-03-23T19:46:13.669Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-04-09T21:35:48.123Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*", "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*", "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*", "matchCriteriaId": "1B7572BB-9C77-4214-9C5F-CC83C7B93E37", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*", "matchCriteriaId": "CAADBF98-38BE-40E2-AF1B-9077DCED0809", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*", "matchCriteriaId": "6C7B9DEB-7472-4010-8717-8050555C2FAD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "152FD759-F5D2-4ACE-ADD6-7FE89B31D961", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DA4A8C7-EBC0-449E-BD37-69FABDC917C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*", "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*", "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*", "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*", "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5230-64cd:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F3D09BE-C16F-4E77-B6FB-C0C58BBD7675", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5240:-:*:*:*:*:*:*:*", "matchCriteriaId": "9ABF8F9D-45C1-4554-A213-435A68709FCB", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5241:-:*:*:*:*:*:*:*", "matchCriteriaId": "685120A6-7005-4ECB-A37F-0F225BB92676", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:qfx5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7D6C74F-E85F-4D62-BDAF-FE619B467C76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS).\n\nOn EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS:\n\n\n\n * 24.4 releases before 24.4R2,\n * 25.2 releases before 25.2R1-S1, 25.2R2.\n\n\n\n\nThis issue does not affect Junos OS releases before 24.4R1."}], "id": "CVE-2026-33781", "lastModified": "2026-04-17T17:53:32.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-04-09T22:16:27.193", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA107869"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["ex_series", "qfx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[24.4,24.4R2)"}}, {"platform": ["ex_series", "qfx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R1-S1)"}}, {"platform": ["ex_series", "qfx_series"], "status": "affected", "versions": {"scheme": "generic", "value": "[25.2,25.2R2)"}}, {"platform": ["ex_series", "qfx_series"], "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,24.4R1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Junos OS", "source": "cna", "vendor": "Juniper Networks"}, "product": "junos_os", "vendor": "juniper_networks"}], "analysis": {"en": {"generated_at": "2026-04-09T23:25:33.230240+00:00", "value": {"mitigation_remediation": ["Update Junos OS to release 24.4R2 or later, or 25.2R1\u2011S1/25.2R2 or newer versions, to remove the vulnerability.", "If an update is not immediately possible, configure the device to block VSTP BPDUs on all UNI interfaces: protocols layer2-control bpdu-block interface all drop.", "After applying the configuration change, restart the device to clear any residual memory leaks.", "Verify that traffic resumes normally and monitor for repeated buffer allocation failures.", "Stay current with future Junos OS releases and security advisories from Juniper Networks."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Juniper Networks Junos OS running on EX and QFX Series devices, specifically EX4k and QFX5k platforms configured as service\u2011provider edge devices with Layer\u20112 Protocol Tunneling enabled on the UNI and VSTP enabled on the NNI in VXLAN scenarios. Vulnerable releases include 24.4 versions earlier than 24.4R2 and 25.2 versions earlier than 25.2R1\u2011S1 or 25.2R2; earlier releases before 24.4R1 are not affected.", "description_and_impact": "The vulnerability originates in the packet forwarding engine of Juniper Networks Junos OS and is triggered when specific control protocol packets\u2014VSTP Bridge Protocol Data Units (BPDUs)\u2014are received on a UNI interface in a VXLAN configuration. Processing these BPDUs causes packet buffer allocation failures that lead to memory leaks and ultimately prevent the device from forwarding traffic. Because the flaw is an improper check for unusual or exceptional conditions, an attacker with no authentication who is in the local network segment can induce a full denial of service by simply sending the offending packets. The attacker gains no other privileges; the impact is limited to interrupting connectivity for all traffic passing through the affected device.\n\nThe flaw is present in older releases of Junos OS that run on EX4k and QFX5k service\u2011provider edge devices. Versions prior to 24.4R2 in the 24.4 release line and prior to 25.2R1\u2011S1 or 25.2R2 in the 25.2 line are vulnerable. Devices running Junos OS releases before 24.4R1 are not affected.\n\nRisk assessment indicates a medium\u2011high severity with a CVSS score of 7.1. Exploit probability data is not provisioned, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is an unauthenticated network adversary adjacent to the device, sending crafted VSTP BPDUs over the UNI interface. The attack requires no special access privileges beyond network proximity, making the threat potentially realistic in shared or multi\u2011tenant environments.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.1, signifying a considerable impact on availability. Since EPSS data is not available, the exact exploitation likelihood remains uncertain, but the lack of authentication requirements and the requirement only for proximity to the target machine heighten the real\u2011world risk. The vulnerability is not yet catalogued as a known exploited vulnerability by CISA, which may indicate limited public exploitation but does not rule out the possibility that attackers have discovered or are experimenting with the flaw. The attack path is straightforward: an adjacent attacker sends VSTP BPDUs to the UNI interface, which the device processes and then fails to forward traffic, causing a denial of service until the device is restarted."}}}}, "created": "2026-04-10T08:36:55.438685+00:00", "updated": "2026-04-10T09:27:52.997637+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}