Denial-of-Service Vulnerability in Juniper Networks Junos OS VPN Service
CVE-2026-57024
What is CVE-2026-57024?
A vulnerability in the IKE daemon (iked) of Juniper Networks' Junos OS, specifically impacting MX with SPC3 and SRX Series devices, allows unauthenticated attackers to cause a denial-of-service (DoS) disruption. This occurs during extensive VPN negotiation failures, resulting in a peer index rollover. Consequently, new peers are assigned index values that are already in use, leading to repeated crashes of the iked process. This affects the establishment of new VPN connections and the rekeying of existing ones. The only way to restore service is through a system reboot. Users are advised to monitor tunnel status events to identify potential occurrences of this vulnerability.
Affected Version(s)
Junos OS SRX Series 0 < 23.2R2-S7
Junos OS SRX Series 23.4 < 23.4R2-S6
Junos OS SRX Series 24.2 < 24.2R2-S3