SB2026050814 - MitM attack in Junos OS

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Following of a Certificate's Chain of Trust (CVE-ID: CVE-2026-33779)

The vulnerability allows a remote attacker to disclose sensitive information and potentially modify it.

The vulnerability exists due to improper following of a certificate's chain of trust in J-Web when an SRX device is provisioned to connect to Security Director cloud. A remote attacker can intercept device-to-cloud communication using a machine-in-the-middle position to disclose sensitive information and potentially modify it.

The issue affects communication between SRX devices and Security Director cloud, and exposed data may include credentials.

Remediation

Install update from vendor's website.

References

• https://supportportal.juniper.net/s/article/2026-04-Security-Bulletin-Junos-OS-SRX-Series-Insufficient-certificate-verification-for-device-to-SD-cloud-communication-CVE-2026-33779
• https://supportportal.juniper.net/JSA107823