CVE-2026-33774
EUVD-2026-2119509.04.2026, 22:16
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the configured firewall filter and access the control-plane of the device. On MX platforms with MPC10, MPC11, LC4800 or LC9600 line cards, and MX304, firewall filters applied on a loopback interface lo0.n (where n is a non-0 number) don't get executed when lo0.n is in the global VRF / default routing-instance. An affected configuration would be: user@host# show configuration interfaces lo0 | display set set interfaces lo0 unit 1 family inet filter input <filter-name> where a firewall filter is applied to a non-0 loopback interface, but that loopback interface is not referred to in any routing-instance (RI) configuration, which implies that it's used in the default RI. The issue can be observed with the CLI command: user@device> show firewall counter filter <filter_name> not showing any matches. This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R2.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| juniper | junos | 𝑥 < 23.2 |
| juniper | junos | 23.2:r1 |
| juniper | junos | 23.2:r1-s1 |
| juniper | junos | 23.2:r1-s2 |
| juniper | junos | 23.2:r2 |
| juniper | junos | 23.2:r2-s1 |
| juniper | junos | 23.2:r2-s2 |
| juniper | junos | 23.2:r2-s3 |
| juniper | junos | 23.2:r2-s4 |
| juniper | junos | 23.2:r2-s5 |
| juniper | junos | 23.4:r1 |
| juniper | junos | 23.4:r1-s1 |
| juniper | junos | 23.4:r1-s2 |
| juniper | junos | 23.4:r2 |
| juniper | junos | 23.4:r2-s1 |
| juniper | junos | 23.4:r2-s2 |
| juniper | junos | 23.4:r2-s3 |
| juniper | junos | 23.4:r2-s4 |
| juniper | junos | 23.4:r2-s5 |
| juniper | junos | 23.4:r2-s6 |
| juniper | junos | 24.2:r1 |
| juniper | junos | 24.2:r1-s1 |
| juniper | junos | 24.2:r1-s2 |
| juniper | junos | 24.4:r1 |
| juniper | junos | 24.4:r1-s2 |
| juniper | junos | 24.4:r1-s3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References