CVE-2026-33785: CWE-862 Missing Authorization in Juniper Networks Junos OS
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-33785) in Juniper Networks Junos OS on MX Series is due to missing authorization checks in the CLI. Specifically, any authenticated user with low privileges can execute 'request csds' commands, which are intended only for high-privileged users or those assigned to Juniper Device Manager or Connected Security Distributed Services operations. These commands affect all aspects of devices managed via the MX Series, potentially leading to full device compromise. The issue impacts Junos OS versions 24.4 prior to 24.4R2-S3 and 25.2 prior to 25.2R2. Juniper manages this as a cloud service and has made patches available.
Potential Impact
An authenticated user with low privileges can execute operational commands that should be restricted, resulting in complete compromise of the managed MX Series devices. This includes full confidentiality, integrity, and availability impact as indicated by the CVSS 3.1 score of 8.8 with high impact on all three metrics.
Mitigation Recommendations
A patch is available for affected Junos OS versions 24.4 and 25.2. Since this is a cloud service, Juniper Networks manages remediation server-side. Users should verify with Juniper's official advisories to ensure their systems are updated to at least versions 24.4R2-S3 or 25.2R2 or later. No additional mitigation steps are indicated beyond applying the official patch.
CVE-2026-33785: CWE-862 Missing Authorization in Juniper Networks Junos OS
Description
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-33785) in Juniper Networks Junos OS on MX Series is due to missing authorization checks in the CLI. Specifically, any authenticated user with low privileges can execute 'request csds' commands, which are intended only for high-privileged users or those assigned to Juniper Device Manager or Connected Security Distributed Services operations. These commands affect all aspects of devices managed via the MX Series, potentially leading to full device compromise. The issue impacts Junos OS versions 24.4 prior to 24.4R2-S3 and 25.2 prior to 25.2R2. Juniper manages this as a cloud service and has made patches available.
Potential Impact
An authenticated user with low privileges can execute operational commands that should be restricted, resulting in complete compromise of the managed MX Series devices. This includes full confidentiality, integrity, and availability impact as indicated by the CVSS 3.1 score of 8.8 with high impact on all three metrics.
Mitigation Recommendations
A patch is available for affected Junos OS versions 24.4 and 25.2. Since this is a cloud service, Juniper Networks manages remediation server-side. Users should verify with Juniper's official advisories to ensure their systems are updated to at least versions 24.4R2-S3 or 25.2R2 or later. No additional mitigation steps are indicated beyond applying the official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- juniper
- Date Reserved
- 2026-03-23T19:46:13.670Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d822bd1cc7ad14da2ac977
Added to database: 4/9/2026, 10:05:49 PM
Last enriched: 4/9/2026, 10:21:12 PM
Last updated: 4/10/2026, 8:13:52 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.