CVE-2026-57024 in Junos OS
Summary
by MITRE • 07/10/2026
A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted. Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.
To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:
user@host> show system processes extensive | match "KMD|IKED" This issue affects Junos OS on MX with SPC3, SRX Series:
* all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R1-S1.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/10/2026
This vulnerability represents a critical resource management flaw in the Internet Key Exchange daemon implementation within Juniper Networks Junos OS operating on MX series devices with SPC3 line cards and SRX series security appliances. The issue manifests as a use of multiple resources with duplicate identifier condition that fundamentally undermines the VPN service availability through a denial-of-service mechanism. The vulnerability specifically impacts systems running the iked process rather than kmd which remains unaffected, making it essential for administrators to verify their system configuration before assessing risk.
The technical root cause stems from improper index management within the IKE daemon where peer indices are not properly tracked or recycled when VPN negotiations fail repeatedly. When a large volume of failed VPN connections occurs on systems configured for VPN service, the peer index value rollover mechanism becomes exhausted and begins assigning duplicate indices to new peers. This creates a cascading failure condition where the iked process enters an unstable state characterized by repeated crashes and system instability. The vulnerability operates at the protocol level within the IKE implementation, specifically affecting the key exchange process that establishes secure communications between VPN endpoints.
The operational impact of this vulnerability is severe as it completely disrupts VPN functionality for both new connection establishment and existing connection rekeying operations. Network administrators experience complete loss of secure communication capabilities for all VPN services until system reboot occurs, which represents a significant service disruption. The DoS condition affects the entire VPN infrastructure rather than individual connections, making it particularly damaging to network security operations that depend on secure remote access capabilities. The vulnerability's stealthy nature makes detection challenging since index values cannot be directly monitored, requiring administrators to rely on indirect indicators such as tunnel up and down event monitoring.
This vulnerability aligns with CWE-367, which addresses the use of multiple resources with duplicate identifiers, and maps to ATT&CK technique T1499.004 for network denial-of-service attacks. The attack surface is primarily accessible through network-based exploitation without requiring authentication, making it particularly dangerous as it can be triggered by automated scanning or sustained attack patterns. The affected platforms include specific Junos OS versions across multiple release branches, with the vulnerability present in all versions before the specified patches including 23.2R2-S7, 23.4R2-S6, 24.2R2-S3, 24.4R2-S4, and 25.2R1-S1. Organizations should immediately implement mitigation strategies including applying the appropriate software patches, monitoring VPN tunnel events for unusual patterns, and implementing network segmentation to limit exposure.
The remediation approach requires immediate deployment of patched Junos OS versions that address the index management logic within the iked daemon. System administrators should perform comprehensive vulnerability assessments across all MX series devices with SPC3 and SRX series appliances to identify affected systems before applying patches. Monitoring solutions should be enhanced to track VPN tunnel stability metrics and alert on excessive up/down events that may indicate approaching index exhaustion conditions. Additionally, network administrators should consider implementing temporary workarounds such as reducing concurrent VPN connection limits or implementing connection rate limiting to delay the occurrence of this condition while permanent patches are deployed.