CVE-2026-33783: CWE-686 Function Call With Incorrect Argument Type in Juniper Networks Junos OS Evolved
A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and does not restart, which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured.
This issue affects Junos OS Evolved on PTX Series:
- all versions before 22.4R3-S9-EVO,
- 23.2 versions before 23.2R2-S6-EVO,
- 23.4 versions before 23.4R2-S7-EVO,
- 24.2 versions before 24.2R2-S4-EVO,
- 24.4 versions before 24.4R2-S2-EVO,
- 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33783) involves a function call with an incorrect argument type in the sensor interface of Junos OS Evolved on PTX Series devices. When colored SRTE policy tunnels are provisioned via PCEP and monitored over gRPC, the evo-aftmand daemon crashes if the Originator ASN field in PCEP exceeds 65,535, causing a persistent Denial of Service that requires manual reboot. The issue does not occur with statically configured SRTE tunnels. Affected versions include all before 22.4R3-S9-EVO, 23.2 before 23.2R2-S6-EVO, 23.4 before 23.4R2-S7-EVO, 24.2 before 24.2R2-S4-EVO, 24.4 before 24.4R2-S2-EVO, and 25.2 before 25.2R1-S2-EVO and 25.2R2-EVO.
Potential Impact
An authenticated attacker with low privileges can cause a complete and persistent Denial of Service on affected Junos OS Evolved PTX Series devices by triggering a crash of the evo-aftmand process. This results in service disruption until the system is manually restarted. There is no impact on confidentiality or integrity; only availability is affected.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until an official fix is available, avoid provisioning colored SRTE policy tunnels via PCEP with Originator ASN values larger than 65,535 when using gRPC monitoring. Statically configured SRTE policy tunnels are not affected by this issue.
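Added example (not vendor or site code): a triage helper that classifies an inventory record against the affected-version list and the crash preconditions given on this page. The version regex (plain "R" releases only), the device field names and the inventory are assumptions constructed for illustration.

```python
import re

# Earliest fixed release per train, from the affected-version list on this page.
FIXED = {
    (22, 4): (3, 9),  # 22.4R3-S9-EVO
    (23, 2): (2, 6),  # 23.2R2-S6-EVO
    (23, 4): (2, 7),  # 23.4R2-S7-EVO
    (24, 2): (2, 4),  # 24.2R2-S4-EVO
    (24, 4): (2, 2),  # 24.4R2-S2-EVO
    (25, 2): (1, 2),  # 25.2R1-S2-EVO; 25.2R2-EVO sorts after it
}
# Assumption: only "R" release strings are handled, e.g. 23.4R2-S3.5-EVO.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")

def version_status(version):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    train = (major, minor)
    if train < min(FIXED):
        return "affected"      # "all versions before 22.4R3-S9-EVO"
    if train not in FIXED:
        return "not-listed"    # the page names no fixed release for this train
    return "affected" if (rel, svc) < FIXED[train] else "fixed"

def triage(device):
    """Classify one inventory record (hypothetical field names)."""
    status = version_status(device["version"])
    if status != "affected":
        return status
    # Crash preconditions stated in the advisory: PCEP-provisioned colored
    # SRTE tunnels, gRPC monitoring, and an Originator ASN above 65,535.
    exposed = (device["pcep_colored_srte"] and device["grpc_monitoring"]
               and device["max_originator_asn"] > 65535)
    return "affected-preconditions-met" if exposed else "affected-upgrade"

# Constructed inventory, not real devices.
INVENTORY = [
    {"host": "ptx-a", "version": "23.4R2-S3.5-EVO", "pcep_colored_srte": True,
     "grpc_monitoring": True, "max_originator_asn": 4200000001},
    {"host": "ptx-b", "version": "25.2R1-EVO", "pcep_colored_srte": False,
     "grpc_monitoring": True, "max_originator_asn": 64512},
    {"host": "ptx-c", "version": "24.4R2-S2-EVO", "pcep_colored_srte": True,
     "grpc_monitoring": True, "max_originator_asn": 4200000001},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["host"], triage(dev))
```

A "not-listed" result means the page names no fixed release for that train, so the vendor advisory has to be consulted for it.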
Technical Details
- Data Version: 5.2
- Assigner Short Name: juniper
- Date Reserved: 2026-03-23T19:46:13.669Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d822bd1cc7ad14da2ac971
Added to database: 4/9/2026, 10:05:49 PM
Last enriched: 4/17/2026, 11:58:52 AM
Last updated: 5/24/2026, 6:57:36 PM