CVE-2026-33774
Firewall Bypass via Improper Checks in Juniper MX Series PFE
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: Juniper Networks, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| Juniper | Junos OS | before 23.2R2 (exclusive) |
| Juniper | Junos OS | before 23.4R2-S7 (exclusive) |
| Juniper | Junos OS | before 24.2R2 (exclusive) |
| Juniper | Junos OS | before 24.4R2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check, or incorrectly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series devices. It allows an unauthenticated, network-based attacker to bypass the configured firewall filter and reach the control plane of the device.
Specifically, on MX platforms with MPC10, MPC11, LC4800 or LC9600 line cards, as well as on MX304, firewall filters applied to a loopback interface lo0.n (where n is non-zero) are not executed when lo0.n sits in the global VRF (the default routing instance). In other words, if a firewall filter is applied to such a loopback unit but that unit is not referenced in any routing-instance configuration, the filter is effectively bypassed.
As a result, the firewall filter counters show no matches for traffic that should have been filtered, which indicates that the filter is not being applied as expected.
How can this vulnerability impact me?
This vulnerability can allow an unauthenticated attacker to bypass firewall filters and gain unauthorized access to the control-plane of affected Juniper MX Series devices.
Such unauthorized access could lead to potential manipulation or disruption of network device operations, compromising network security and stability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether firewall filters applied to non-zero loopback units (lo0.n) in the global VRF/default routing instance are actually being executed.
Specifically, use the Junos CLI to observe whether the firewall filter counters increment as expected:
- `show firewall counter filter <filter_name>`
If this command shows no matches even though traffic that should be filtered is reaching the device, the firewall filter is not being executed, which is symptomatic of this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should avoid applying firewall filters on non-zero loopback interfaces (lo0.n) that are in the global VRF/default routing-instance on affected MX Series devices.
Alternatively, ensure that the loopback interface is referenced in a routing-instance configuration rather than the default routing-instance.
Additionally, upgrading Junos OS to a fixed version is recommended. The affected versions are all versions before 23.2R2-S6, 23.4 versions before 23.4R2-S7, 24.2 versions before 24.2R2, and 24.4 versions before 24.4R2.
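The detection and mitigation steps above both reduce to one configuration question: is there any lo0.n (n non-zero) unit that carries a firewall filter but is not referenced by a routing-instance? The script below is an added example written for this page, not code from Juniper or from the advisory. It assumes the input is `show configuration | display set` output captured from the device; the interface names, filter names and routing-instance names in the embedded sample are constructed for illustration.

```python
"""Audit a Junos 'display set' configuration for lo0.N (N != 0) units that carry
a firewall filter but are not referenced by any routing-instance, which is the
configuration state the advisory describes as bypassing the filter.
Added example for this page; not Juniper code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `show configuration | display set` output (hypothetical names).
# lo0.0: in scope of the filter, but the advisory covers non-zero units only.
# lo0.1: filtered, not referenced by any routing-instance -> affected condition.
# lo0.2: filtered, referenced by routing-instance CUST-A -> filter is executed.
# lo0.3: no filter -> nothing to bypass.
SAMPLE_CONFIG = """\
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces lo0 unit 1 family inet filter input PROTECT-RE-MGMT
set interfaces lo0 unit 1 family inet address 192.0.2.2/32
set interfaces lo0 unit 2 family inet filter input PROTECT-RE-CUST
set interfaces lo0 unit 2 family inet address 192.0.2.3/32
set interfaces lo0 unit 3 family inet address 192.0.2.4/32
set routing-instances CUST-A instance-type vrf
set routing-instances CUST-A interface lo0.2
set routing-instances CUST-A interface ge-0/0/1.100
"""

# `filter input NAME` and `filter input-list NAME` are both valid Junos forms.
FILTER_RE = re.compile(
    r"^set interfaces lo0 unit (\d+) family (inet6?) filter (input|output)(?:-list)? (\S+)$"
)
RI_IFACE_RE = re.compile(r"^set routing-instances (\S+) interface lo0\.(\d+)$")


@dataclass(frozen=True)
class Finding:
    unit: int
    family: str
    direction: str
    filter_name: str


def parse_lo0_filters(config: str) -> list[tuple[int, str, str, str]]:
    """Return (unit, family, direction, filter) for every filter bound to lo0.N."""
    found = []
    for line in config.splitlines():
        m = FILTER_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return found


def parse_ri_lo0_units(config: str) -> dict[int, str]:
    """Map lo0 unit number -> routing-instance that references it."""
    units: dict[int, str] = {}
    for line in config.splitlines():
        m = RI_IFACE_RE.match(line.strip())
        if m:
            units[int(m.group(2))] = m.group(1)
    return units


def find_unexecuted_lo0_filters(config: str) -> list[Finding]:
    """Filters on non-zero lo0 units that live in the default routing instance."""
    ri_units = parse_ri_lo0_units(config)
    findings = []
    for unit, family, direction, name in parse_lo0_filters(config):
        if unit == 0:
            continue  # lo0.0 is outside the advisory's stated scope
        if unit in ri_units:
            continue  # referenced by a routing-instance: filter is executed
        findings.append(Finding(unit, family, direction, name))
    return findings


if __name__ == "__main__":
    for f in find_unexecuted_lo0_filters(SAMPLE_CONFIG):
        print(f"lo0.{f.unit} {f.family} {f.direction} filter {f.filter_name}: "
              "not referenced by any routing-instance; verify counters with "
              f"'show firewall counter filter {f.filter_name}'")
```

Run it against a saved copy of `show configuration | display set` from each MX running an affected release. A hit is a configuration-level indicator only; confirm it on the box with the counter command from the detection step, and clear it either by moving the unit into a routing-instance or by upgrading to one of the fixed releases listed above.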