CVE-2026-33783: CWE-686 Function Call With Incorrect Argument Type in Juniper Networks Junos OS Evolved
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured. This issue affects Junos OS Evolved on PTX Series:
- all versions before 22.4R3-S9-EVO,
- 23.2 versions before 23.2R2-S6-EVO,
- 23.4 versions before 23.4R2-S7-EVO,
- 24.2 versions before 24.2R2-S4-EVO,
- 24.4 versions before 24.4R2-S2-EVO,
- 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33783) is a function call with incorrect argument type (CWE-686) in the sensor interface of Juniper Junos OS Evolved on PTX Series devices. When colored SRTE policy tunnels are provisioned via PCEP and monitored using gRPC, if the Originator ASN field in PCEP contains a 32-bit ASN value greater than 65,535, the evo-aftmand process crashes and fails to restart, causing a complete denial of service. The system remains down until manually rebooted. The issue is not reproducible with statically configured SRTE policy tunnels. Multiple versions prior to specified patch releases are affected.
Potential Impact
An authenticated network attacker with low privileges can trigger a complete and persistent denial of service on affected Junos OS Evolved PTX Series devices by exploiting this vulnerability. The service impact is total, as the critical evo-aftmand process crashes and does not recover automatically, requiring manual system restart. There is no impact on confidentiality or integrity reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround is indicated in the provided data. Until a patch is available, avoid provisioning colored SRTE policy tunnels via PCEP with Originator ASN values larger than 65,535 when using gRPC monitoring. Static configuration of SRTE policy tunnels does not trigger the issue and may be used as a temporary mitigation.
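For inventory triage, the release floors listed in the description and its three trigger conditions (PCEP-provisioned colored SRTE tunnels, gRPC monitoring, Originator ASN above 65,535) can be checked mechanically. The following is an added example, not code from the vendor or from this page; the inventory field names, the sample devices and the assumed version-string shape are hypothetical.

```python
import re

# Fixed-release floor per train (release, service release), from the advisory text.
FIXED = {
    (22, 4): (3, 9),  # 22.4R3-S9-EVO
    (23, 2): (2, 6),  # 23.2R2-S6-EVO
    (23, 4): (2, 7),  # 23.4R2-S7-EVO
    (24, 2): (2, 4),  # 24.2R2-S4-EVO
    (24, 4): (2, 2),  # 24.4R2-S2-EVO
    (25, 2): (1, 2),  # 25.2R1-S2-EVO; 25.2R2-EVO sorts above it
}
# Assumed version shape: <major>.<minor>R<n>[.<build>][-S<n>[.<build>]]-EVO
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?-EVO$")

def version_affected(version):
    """True/False per the listed ranges, None when the train is not listed."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos OS Evolved version: {version!r}")
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    if (major, minor) < (22, 4):
        return True   # "all versions before 22.4R3-S9-EVO"
    if (major, minor) not in FIXED:
        return None   # the advisory text does not cover this train
    return (rel, svc) < FIXED[(major, minor)]

def triage(device):
    """Classify one inventory record (hypothetical field names)."""
    affected = version_affected(device["version"])
    if affected is False:
        return "fixed"
    if affected is None:
        return "check-vendor-advisory"
    # The crash needs all three conditions named in the description.
    triggerable = (device["srte_via_pcep"] and device["grpc_monitoring"]
                   and device["originator_asn"] > 65535)
    return "exposed" if triggerable else "affected-release-trigger-absent"

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "ptx-a", "version": "23.4R2-S6-EVO", "srte_via_pcep": True,
     "grpc_monitoring": True, "originator_asn": 4200000001},
    {"name": "ptx-b", "version": "23.4R2-S6-EVO", "srte_via_pcep": False,
     "grpc_monitoring": True, "originator_asn": 64512},
    {"name": "ptx-c", "version": "25.2R2-EVO", "srte_via_pcep": True,
     "grpc_monitoring": True, "originator_asn": 4200000001},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], triage(dev))
```

Trains the description does not list (above 22.4) return `None` so they are referred to the vendor advisory instead of being guessed at.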
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-03-23T19:46:13.669Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d822bd1cc7ad14da2ac971
Added to database: 4/9/2026, 10:05:49 PM
Last enriched: 4/9/2026, 10:22:03 PM
Last updated: 4/10/2026, 7:33:09 AM