Juniper Networks released patches for nearly three dozen vulnerabilities in Junos OS, Junos OS Evolved, vLWC, CTP OS, and Apstra that could enable privilege escalation, denial of service, or remote command execution. The most severe is CVE-2026-33784, a default password for a high-privileged account in the Support Insights vLWC. Juniper says it is not aware of any active exploitation of these flaws.
Key points
- Juniper released patches for nearly three dozen vulnerabilities across Junos OS, Junos OS Evolved, vLWC, CTP OS, and Apstra.
- CVE-2026-33784 (CVSS 9.8) is a default password in Support Insights vLWC that can be exploited remotely for full device takeover.
- CVE-2026-33771 in CTP OS stems from unsaved password complexity settings, allowing weak passwords that could be guessed by attackers.
- An SSH host key validation flaw in Apstra can be abused in machine-in-the-middle attacks to capture user credentials.
- Multiple high- and medium-severity Junos OS flaws could cause DoS, grant root access, execute commands, or expose sensitive information, with no known in-the-wild exploitation reported.
Read More: https://www.securityweek.com/juniper-networks-patches-dozens-of-junos-os-vulnerabilities/