CVE-2026-33788
Received
Received - Intake
Missing Authentication in Juniper Junos PTX FPCs Enables Privilege Escalation
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: Juniper Networks, Inc.
Description
Description
A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device.
A local user with low privileges can gain direct access to the installed FPCs as a high privileged user, which can potentially lead to a full compromise of the affected component.
This issue affectsΒ Junos OS Evolved on PTX10004, PTX10008, PTX100016, with JNP10K-LC1201 or JNP10K-LC1202:
* All versions before 21.2R3-S8-EVO,
* 21.4-EVO versions before 21.4R3-S7-EVO,
* 22.2-EVO versions before 22.2R3-S4-EVO,
* 22.3-EVO versions before 22.3R3-S3-EVO,
* 22.4-EVO versions before 22.4R3-S2-EVO,
* 23.2-EVO versions before 23.2R2-EVO.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper_networks | junos_os_evolved | to 21.2R3-S8-EVO (exc) |
| juniper_networks | junos_os_evolved | to 21.4R3-S7-EVO (exc) |
| juniper_networks | junos_os_evolved | to 22.2R3-S4-EVO (exc) |
| juniper_networks | junos_os_evolved | to 22.3R3-S3-EVO (exc) |
| juniper_networks | junos_os_evolved | to 22.4R3-S2-EVO (exc) |
| juniper_networks | junos_os_evolved | to 23.2R2-EVO (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
