Description
A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).



On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.
Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.

To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:

user@host> show system processes extensive | match "KMD|IKED"
This issue affects Junos OS on MX with SPC3, SRX Series:


* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S4,
* 25.2 versions before 25.2R1-S1.
Published: 2026-07-09
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos OS: 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.


Vendor Workaround

There are no known workarounds for this issue.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 21:45:00 +0000

Type Values Removed Values Added
Description A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs. To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with: user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R1-S1.
Title Junos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually cause iked to crash continuously
Weaknesses CWE-694
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-07-09T21:06:57.585Z

Reserved: 2026-06-23T16:27:00.248Z

Link: CVE-2026-57024

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-694

    Use of Multiple Resources with Duplicate Identifier