Home

Description

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause license exhaustion. Due to an incorrect initialization, a process which should only be able to communicate internally within the device, can be reached over the network via an open port. This leads to unauthorized access to the license management. This issue affects all Junos OS Evolved versions before 23.2R2-EVO.

PUBLISHED Reserved 2026-06-23 | Published 2026-07-09 | Updated 2026-07-10 | Assigner juniper




HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/RE:M

Problem types

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

Product status

Default status
unaffected

Any version before 23.2R2-EVO
affected

References

supportportal.juniper.net/JSA110088 vendor-advisory

cve.org (CVE-2026-57028)

nvd.nist.gov (CVE-2026-57028)

Download JSON