Juniper Networks Patches Dozens of Junos OS Vulnerabilities

"vLWC software images ship with an initial password for a high-privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible."
"Tracked as CVE-2026-33771, the security defect exists because settings related to password complexity requirements are not saved, leading to the use of weak passwords that could be guessed and exploited."
"Multiple high-severity flaws in Junos OS could allow attackers to cause DoS conditions via crafted packets, directly access FPCs installed on devices, gain root privileges and take over devices, and execute commands to compromise managed devices."
Juniper Networks issued patches for nearly three dozen vulnerabilities affecting Junos OS and Junos OS Evolved. The most critical flaw, CVE-2026-33784, involves a default password in the Support Insights Virtual Lightweight Collector, allowing remote exploitation. Other vulnerabilities include weak password issues in CTP OS and high-severity flaws in Junos OS that could enable denial-of-service attacks and unauthorized command execution. Juniper Networks has not reported any exploitation of these vulnerabilities in the wild.
Read at SecurityWeek