Report a Security Vulnerability
The Juniper Networks Security Incident Response Team has an email alias that makes it easy for customers and others to report potential security vulnerabilities.
Please report any potential or real instances of security vulnerabilities with any Juniper Networks product to the Juniper Networks Security Incident Response Team at firstname.lastname@example.org. For immediate assistance, JTAC is available 24 hours a day by calling 888-314-JTAC FREE (North America) or +1-408-745-9500.
Please report any security vulnerabilities found on the Juniper Networks external website to the IT Computer Incident Response Team at IT- CIRT@juniper.net.
When you have found a security vulnerability with a Juniper Networks product.
When you have found a security vulnerability in the Juniper Networks external website.
In any of these situations you should contact our technical support team first. If our technical support team recognizes a security issue they will escalate it to the Security Incident Response Team.
The Juniper Security Incident Response Team, which is a restricted and carefully chosen group of Juniper employees, monitors this email address. No outside users can subscribe to this list.
When you contact the list please give as much information as possible. We encourage you to encrypt any sensitive information you send to us using our public key, visible at the bottom of this page and available at various key servers.
All issues reported to the Security Incident Response Team will be investigated. Fixes will be generated where necessary and when applicable, per our policies, a security advisory will be released. Unless you inform us otherwise, it is our usual practice to cooperate with other affected security vendors and organizations such as CERT/CC to share vulnerability information and fixes. However, we will never forward the email that you send to us, and we will not pass on any information that could identify you, your company, your machines, or your configuration.
Please note: Juniper does not provide an advance notification service. Security fixes and advisories are freely available from our web site.
following PGP key for secure communication.
To verify the validity of text security alerts, this PGP key can be used.
To verify the validity of PDF security alerts, this X.509 certificate can be used.