{"api_version":"1","generated_at":"2026-07-12T16:51:48+00:00","cve":"CVE-2026-57024","urls":{"html":"https://cve.report/CVE-2026-57024","api":"https://cve.report/api/cve/CVE-2026-57024.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-57024","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-57024"},"summary":{"title":"Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously","description":"A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host> show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1.","state":"PUBLISHED","assigner":"juniper","published_at":"2026-07-09 22:17:07","updated_at":"2026-07-10 17:49:57"},"problem_types":["CWE-694","CWE-694 CWE-694 Use of Multiple Resources with Duplicate Identifier"],"metrics":[{"version":"4.0","source":"sirt@juniper.net","type":"Secondary","score":"6.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"6.9","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M","data":{"Automatable":"YES","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"}},{"version":"3.1","source":"sirt@juniper.net","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://supportportal.juniper.net/JSA110084","name":"https://supportportal.juniper.net/JSA110084","refsource":"sirt@juniper.net","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-57024","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57024","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 23.2R2-S7 custom","platforms":["SRX Series","MX with SPC3"]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 23.4 23.4R2-S6 custom","platforms":["SRX Series","MX with SPC3"]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 24.2 24.2R2-S3 custom","platforms":["SRX Series","MX with SPC3"]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 24.4 24.4R2-S4 custom","platforms":["SRX Series","MX with SPC3"]},{"source":"CNA","vendor":"Juniper Networks","product":"Junos OS","version":"affected 25.2 25.2R1-S1 custom","platforms":["SRX Series","MX with SPC3"]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"There are no known workarounds for this issue.","time":"","lang":"en"}],"exploits":[{"source":"CNA","title":"","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"57024","cve":"CVE-2026-57024","epss":"0.004170000","percentile":"0.336640000","score_date":"2026-07-11","updated_at":"2026-07-12 00:00:50"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-57024","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-10T14:31:42.431662Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-10T14:31:54.759Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["SRX Series","MX with SPC3"],"product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"23.2R2-S7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"23.4R2-S6","status":"affected","version":"23.4","versionType":"custom"},{"lessThan":"24.2R2-S3","status":"affected","version":"24.2","versionType":"custom"},{"lessThan":"24.4R2-S4","status":"affected","version":"24.4","versionType":"custom"},{"lessThan":"25.2R1-S1","status":"affected","version":"25.2","versionType":"custom"}]}],"datePublic":"2026-07-08T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br>\n\n<br>On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail&nbsp;a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.<br>Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.<br><br>To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:<br><br><tt>user@host&gt; show system processes extensive | match \"KMD|IKED\"</tt><p><br>This issue affects Junos OS on MX with SPC3, SRX Series:<br></p><ul><li>all versions before 23.2R2-S7,</li><li>23.4 versions before 23.4R2-S6,</li><li>24.2 versions before 24.2R2-S3,</li><li>24.4 versions before 24.4R2-S4,</li><li>25.2 versions before 25.2R1-S1.</li></ul><br>"}],"value":"A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host> show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"YES","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-694","description":"CWE-694 Use of Multiple Resources with Duplicate Identifier","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-09T21:06:57.585Z","orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA110084"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."}],"value":"The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."}],"source":{"advisory":"JSA110084","defect":["1889298"],"discovery":"USER"},"title":"Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue."}],"value":"There are no known workarounds for this issue."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","cveId":"CVE-2026-57024","datePublished":"2026-07-09T21:06:57.585Z","dateReserved":"2026-06-23T16:27:00.248Z","dateUpdated":"2026-07-10T14:31:54.759Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-09 22:17:07","lastModifiedDate":"2026-07-10 17:49:57","problem_types":["CWE-694","CWE-694 CWE-694 Use of Multiple Resources with Duplicate Identifier"],"metrics":{"cvssMetricV40":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-10T14:31:42.431662Z","id":"CVE-2026-57024","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"57024","Ordinal":"1","Title":"Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation fai","CVE":"CVE-2026-57024","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"57024","Ordinal":"1","NoteData":"A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\nOn an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.\nPlease note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.\n\nTo be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:\n\nuser@host> show system processes extensive | match \"KMD|IKED\"\nThis issue affects Junos OS on MX with SPC3, SRX Series:\n\n\n  *  all versions before 23.2R2-S7,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R1-S1.","Type":"Description","Title":"Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation fai"}]}}}