6.8

CVE-2026-33802

Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service (DoS).



On EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400 switches, an authenticated, local attacker with no specific permissions or class can execute a specific, privileged CLI 'request' command which will cause complete traffic impact until the system automatically recovers.

This issue affects Junos OS on EX2300, EX4000, EX4100, EX4300-MP (Multigigabit) and EX4400:


  *  23.2R2 versions before 23.2R2-S6,
  *  23.4 versions before 23.4R2-S8,
  *  24.2 versions before 24.2R2-S4,
  *  24.4 versions before 24.4R2-S3,
  *  25.2 versions before 25.2R2,
  *  25.4 versions before 25.4R1-S1.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version 23.2R2
Version < 23.2R2-S6
Status affected
Version 23.4
Version < 23.4R2-S8
Status affected
Version 24.2
Version < 24.2R2-S4
Status affected
Version 24.4
Version < 24.4R2-S3
Status affected
Version 25.2
Version < 25.2R2
Status affected
Version 25.4
Version < 25.4R1-S1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net 6.8 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.