प्लेटफ़ॉर्म
juniper
घटक
junos
में ठीक किया गया
21.2R3-S8-EVO
21.4R3-S7-EVO
22.2R3-S4-EVO
22.3R3-S3-EVO
22.4R3-S2-EVO
23.2R2-EVO
CVE-2026-33788 describes a Missing Authentication for Critical Function vulnerability within the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series devices. This flaw allows a local, authenticated attacker with low privileges to escalate to high privileges and gain direct access to the FPCs. The vulnerability impacts versions prior to 21.2R3-S8-EVO and is addressed in version 23.2R2-EVO.
The impact of CVE-2026-33788 is significant due to the potential for complete compromise of the affected FPC. An attacker who can exploit this vulnerability can bypass authentication controls and directly access the FPC, effectively gaining root-level access. This could allow them to modify system configurations, steal sensitive data stored on the FPC, or even pivot to other parts of the network. The ability to directly access the FPC represents a substantial escalation of privileges, making it a high-risk vulnerability. Successful exploitation could lead to denial of service, data breaches, and potentially complete network takeover.
CVE-2026-33788 was publicly disclosed on April 9, 2026. Its inclusion in the CISA KEV catalog (KEV) status is currently unknown. Public proof-of-concept (POC) code is not yet available, but the vulnerability's nature suggests a relatively high likelihood of exploitation once a POC is released. Given the ease of local access required for exploitation, it presents a significant risk for organizations with physical access to their Juniper devices.
Organizations utilizing Juniper Networks PTX10004, PTX10008, and PTX100016 devices running Junos OS Evolved versions prior to 21.2R3-S8-EVO are at significant risk. This includes data centers, network service providers, and any organization relying on these devices for critical network infrastructure. Environments with limited physical security controls or lax access management practices are particularly vulnerable.
• linux / server:
journalctl -u junos -g "FPC access"• linux / server:
ps aux | grep -i fpc• linux / server:
ssh -l low_priv_user <junos_device_ip> && sudo -u high_priv_user /path/to/fpc_access_tooldisclosure
एक्सप्लॉइट स्थिति
EPSS
0.02% (3% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2026-33788 is to upgrade Juniper Junos OS Evolved to version 23.2R2-EVO or later. Prior to upgrading, it's crucial to review the release notes for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing network segmentation to limit the potential blast radius of a successful attack. While a direct workaround isn't available, restricting access to the FPCs and implementing strict authentication policies can reduce the attack surface. After upgrading, confirm the fix by attempting to access the FPC with a low-privilege user account and verifying that access is denied.
PTX10004, PTX10008, PTX100016 उपकरणों पर Junos OS Evolved को संस्करण 21.2R3-S8-EVO या उच्चतर, 21.4R3-S7-EVO या उच्चतर, 22.2R3-S4-EVO या उच्चतर, 22.3R3-S3-EVO या उच्चतर, 22.4R3-S2-EVO या उच्चतर, या 23.2R2-EVO या उच्चतर में अपडेट करें ताकि भेद्यता को कम किया जा सके।
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2026-33788 is a HIGH severity vulnerability in Juniper Junos OS Evolved allowing a local, authenticated attacker to gain direct access to FPCs, potentially leading to full component compromise.
You are affected if you are running Junos OS Evolved on PTX Series devices (PTX10004, PTX10008, PTX100016) with JNP10K-LC1201 or JNP10K-LC1202 versions before 21.2R3-S8-EVO.
Upgrade to Juniper Junos OS Evolved version 23.2R2-EVO or later. Review release notes before upgrading to avoid compatibility issues.
While no active exploitation has been confirmed, the vulnerability's nature suggests a high likelihood of exploitation once a proof-of-concept is released.
Refer to the official Juniper Security Advisory for details: [https://www.juniper.net/us/en/support/security/advisories/CVE-2026-33788/]
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।