Junos OS: SRX Series: Insufficient certificate verification for device to SD cloud communication
Summary
| CVE | CVE-2026-33779 |
|---|---|
| State | PUBLISHED |
| Assigner | juniper |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-09 22:16:26 UTC |
| Updated | 2026-04-17 17:21:52 UTC |
| Description | An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is provisioned to connect to Security Director (SD) cloud, it doesn't perform sufficient verification of the received server certificate. This allows a PITM to intercept the communication between the SRX and SD cloud and access credentials and other sensitive information. This issue affects Junos OS: * all versions before 22.4R3-S9, * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S2, 25.2R2. |
Risk And Classification
Primary CVSS: v4.0 8.3 HIGH from [email protected]
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X
EPSS: 0.000240000 probability, percentile 0.063520000 (date 2026-04-18)
Problem Types: CWE-296 | CWE-296 CWE-296 Improper Following of a Certificate's Chain of Trust
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 8.3 | HIGH | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 8.3 | HIGH | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/RE:M |
| 3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
| 3.1 | CNA | CVSS | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
HighAttack Requirements
NonePrivileges Required
NoneUser Interaction
NoneConfidentiality
HighIntegrity
LowAvailability
NoneSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | 22.4 | - | All | All |
| Operating System | Juniper | Junos | 22.4 | r1 | All | All |
| Operating System | Juniper | Junos | 22.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 22.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 22.4 | r2 | All | All |
| Operating System | Juniper | Junos | 22.4 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 22.4 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s5 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s6 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s7 | All | All |
| Operating System | Juniper | Junos | 22.4 | r3-s8 | All | All |
| Operating System | Juniper | Junos | 23.2 | - | All | All |
| Operating System | Juniper | Junos | 23.2 | r1 | All | All |
| Operating System | Juniper | Junos | 23.2 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 23.2 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2-s3 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2-s4 | All | All |
| Operating System | Juniper | Junos | 23.2 | r2-s5 | All | All |
| Operating System | Juniper | Junos | 23.4 | - | All | All |
| Operating System | Juniper | Junos | 23.4 | r1 | All | All |
| Operating System | Juniper | Junos | 23.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 23.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s3 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s4 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s5 | All | All |
| Operating System | Juniper | Junos | 23.4 | r2-s6 | All | All |
| Operating System | Juniper | Junos | 24.2 | - | All | All |
| Operating System | Juniper | Junos | 24.2 | r1 | All | All |
| Operating System | Juniper | Junos | 24.2 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 24.2 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 24.2 | r2 | All | All |
| Operating System | Juniper | Junos | 24.2 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 24.2 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 24.4 | - | All | All |
| Operating System | Juniper | Junos | 24.4 | r1 | All | All |
| Operating System | Juniper | Junos | 24.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 24.4 | r1-s3 | All | All |
| Operating System | Juniper | Junos | 24.4 | r2 | All | All |
| Operating System | Juniper | Junos | 24.4 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 25.2 | - | All | All |
| Operating System | Juniper | Junos | 25.2 | r1 | All | All |
| Operating System | Juniper | Junos | 25.2 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 25.2 | r2 | All | All |
| Hardware | Juniper | Srx1500 | - | All | All | All |
| Hardware | Juniper | Srx1600 | - | All | All | All |
| Hardware | Juniper | Srx2300 | - | All | All | All |
| Hardware | Juniper | Srx300 | - | All | All | All |
| Hardware | Juniper | Srx320 | - | All | All | All |
| Hardware | Juniper | Srx340 | - | All | All | All |
| Hardware | Juniper | Srx345 | - | All | All | All |
| Hardware | Juniper | Srx380 | - | All | All | All |
| Hardware | Juniper | Srx4100 | - | All | All | All |
| Hardware | Juniper | Srx4120 | - | All | All | All |
| Hardware | Juniper | Srx4200 | - | All | All | All |
| Hardware | Juniper | Srx4300 | - | All | All | All |
| Hardware | Juniper | Srx4600 | - | All | All | All |
| Hardware | Juniper | Srx4700 | - | All | All | All |
| Hardware | Juniper | Srx5400 | - | All | All | All |
| Hardware | Juniper | Srx5600 | - | All | All | All |
| Hardware | Juniper | Srx5800 | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Juniper Networks | Junos OS | affected 22.4R3-S9 semver | SRX Series |
| CNA | Juniper Networks | Junos OS | affected 23.2 23.2R2-S6 semver | SRX Series |
| CNA | Juniper Networks | Junos OS | affected 23.4 23.4R2-S7 semver | SRX Series |
| CNA | Juniper Networks | Junos OS | affected 24.2 24.2R2-S3 semver | SRX Series |
| CNA | Juniper Networks | Junos OS | affected 24.4 24.4R2-S2 semver | SRX Series |
| CNA | Juniper Networks | Junos OS | affected 25.2 25.2R1-S2, 25.2R2 semver | SRX Series |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kb.juniper.net/JSA107823 | [email protected] | kb.juniper.net | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Juniper SIRT would like to acknowledge and thank Konrad Porzezynski for responsibly reporting this vulnerability. (en)
Additional Advisory Data
Solutions
CNA: The following software releases have been updated to resolve this specific issue: 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.
Workarounds
CNA: There are no known workarounds for this issue.
Exploits
CNA: Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
There are currently no legacy QID mappings associated with this CVE.