CVE-2026-33785 Juniper — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	6.3 (MEDIUM)
Type	CWE-862 (Missing Authorization)
Vendor	Juniper
Public PoC	No

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX.

This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-862 Missing Authorization

Vulnerable Products 22

Configuration	From (including)	Up to (excluding)
Juniper Junos cpe:2.3:o:juniper:junos:24.4:-::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r1-s2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r1-s3::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r2-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:24.4:r2-s2::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:25.2:-::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:25.2:r1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:25.2:r1-s1::::::	—	—
Juniper Junos cpe:2.3:o:juniper:junos:25.2:r1-s2::::::	—	—
Juniper Mx10004 cpe:2.3:h:juniper:mx10004:-:::::::*	—	—
Juniper Mx10008 cpe:2.3:h:juniper:mx10008:-:::::::*	—	—
Juniper Mx2008 cpe:2.3:h:juniper:mx2008:-:::::::*	—	—
Juniper Mx2010 cpe:2.3:h:juniper:mx2010:-:::::::*	—	—
Juniper Mx2020 cpe:2.3:h:juniper:mx2020:-:::::::*	—	—
Juniper Mx204 cpe:2.3:h:juniper:mx204:-:::::::*	—	—
Juniper Mx240 cpe:2.3:h:juniper:mx240:-:::::::*	—	—
Juniper Mx301 cpe:2.3:h:juniper:mx301:-:::::::*	—	—
Juniper Mx304 cpe:2.3:h:juniper:mx304:-:::::::*	—	—
Juniper Mx480 cpe:2.3:h:juniper:mx480:-:::::::*	—	—
Juniper Mx960 cpe:2.3:h:juniper:mx960:-:::::::*	—	—

References 1

https://kb.juniper.net/JSA107872

sirt@juniper.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33797

Juniper

7.1

CVE-2026-33793

Juniper

8.5

CVE-2026-33791

Juniper

8.4

CVE-2026-33790

Juniper

8.7

CVE-2026-33787

Juniper

6.8

Menu

CVE-2026-33785

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 22

References 1

Related Vulnerabilities

CVE-2026-33797

CVE-2026-33793

CVE-2026-33791

CVE-2026-33790

CVE-2026-33787

CVE Details

Editor's Choice

Menu

CVE-2026-33785

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 22

References 1

Related Vulnerabilities

CVE-2026-33797

CVE-2026-33793

CVE-2026-33791

CVE-2026-33790

CVE-2026-33787

CVE Details

Editor's Choice

Stay informed on cybersecurity