cvelistv5 - cve-2026-21913

CVE-2026-21913 (GCVE-0-2026-21913)

Vulnerability from cvelistv5

Published

2026-01-15 20:25

Modified

2026-01-15 20:45

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

CWE

CWE-1419 - Incorrect Initialization of Resource

Summary

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message: reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP: * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

References

URL

Tags

	https://supportportal.juniper.net/JSA106014	vendor-advisory
	https://kb.juniper.net/JSA106014	vendor-advisory

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Version: 24.4 ≤ Version: 25.2 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T20:44:57.151563Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T20:45:02.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "EX4000-48T",
            "EX4000-48P",
            "EX4000-48MP"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S2, 25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u0026nbsp; reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump\u003c/tt\u003e\u003cp\u003e \n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e24.4 versions before 24.4R2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S2, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."
            }
          ],
          "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\n\n\n\n\nThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\n\n\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \n\n\n\n\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\n\n\n\n  *  24.4 versions before 24.4R2,\n  *  25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1419",
              "description": "CWE-1419 Incorrect Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:25:03.276Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA106014"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA106014"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA106014",
        "defect": [
          "1898489"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-21913",
    "datePublished": "2026-01-15T20:25:03.276Z",
    "dateReserved": "2026-01-05T17:32:48.710Z",
    "dateUpdated": "2026-01-15T20:45:02.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21913\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-15T20:44:57.151563Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-15T20:44:59.188Z\"}}], \"cna\": {\"title\": \"Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart\", \"source\": {\"defect\": [\"1898489\"], \"advisory\": \"JSA106014\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 8.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.4\", \"lessThan\": \"24.4R2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"25.2\", \"lessThan\": \"25.2R1-S2, 25.2R2\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"24.4R1\", \"versionType\": \"semver\"}], \"platforms\": [\"EX4000-48T\", \"EX4000-48P\", \"EX4000-48MP\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2026-01-14T17:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA106014\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA106014\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\\n\\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\\n\\n\\n\\n\\nThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\\n\\n\\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \\n\\n\\n\\n\\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\\n\\n\\n\\n  *  24.4 versions before 24.4R2,\\n  *  25.2 versions before 25.2R1-S2, 25.2R2.\\n\\n\\n\\n\\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ea high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u0026nbsp; reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump\u003c/tt\u003e\u003cp\u003e \\n\\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e24.4 versions before 24.4R2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S2, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1419\", \"description\": \"CWE-1419 Incorrect Initialization of Resource\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2026-01-15T20:25:03.276Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21913\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-15T20:45:02.652Z\", \"dateReserved\": \"2026-01-05T17:32:48.710Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2026-01-15T20:25:03.276Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0050

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 23.4R2-x antérieures à 23.4R2-S6
Juniper Networks	Junos Space	Policy Enforcer versions antérieures à 24.1R5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2R3-x antérieures à 22.2R3-S4-EVO
Juniper Networks	Junos OS	Junos OS versions 21.2R3-x antérieures à 21.2R3-S10
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2R2-x antérieures à 24.2R2-S3-EVO
Juniper Networks	Junos OS	Junos OS versions 24.2R2-x antérieures à 24.2R2-S3
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4R3-x antérieures à 22.4R3-S9-EVO
Juniper Networks	Junos OS	Junos OS versions 25.2R1-x antérieures à 25.2R1-S2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.3R3-x antérieures à 22.3R3-S3-EVO
Juniper Networks	Policy Enforcer	Policy Enforcer versions antérieures à 24.1R3
Juniper Networks	Junos OS	Junos OS versions 22.4R3-x antérieures à 22.4R3-S8
Juniper Networks	Junos OS	Junos OS versions 24.2R1-x antérieures à 24.2R1-S2
Juniper Networks	Junos OS	Junos OS versions 23.2R2-x antérieures à 23.2R2-S5
Juniper Networks	Junos OS	Junos OS versions 24.4R2-x antérieures à 24.4R2-S2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.4R3-x antérieures à 21.4R3-S7-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2R3-x antérieures à 22.2R3-S7
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2R2-x antérieures à 23.2R2-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 24.4R1-x antérieures à 24.4R1-S3
Juniper Networks	Junos OS	Junos OS versions 21.4R3-x antérieures à 21.4R3-S12
Juniper Networks	Junos OS	Junos OS versions 22.3R3-x antérieures à 22.3R3-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.4R2-x antérieures à 24.4R2-S1-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4R2-x antérieures à 23.4R2-S6-EVO
Juniper Networks	Junos OS	Junos OS versions 23.4R1-x antérieures à 23.4R1-S2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks CVE-2025-60011	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21921	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21913	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-0203	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21907	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-60003	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21911	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21909	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21903	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21917	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks 2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21914	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21908	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-60007	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-59961	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks 2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21910	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21906	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21918	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21920	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21912	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2024-50302	2026-01-14	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2026-21905	2026-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R5",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.2R3-x ant\u00e9rieures \u00e0 21.2R3-S10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S9-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 25.2R1-x ant\u00e9rieures \u00e0 25.2R1-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R3",
      "product": {
        "name": "Policy Enforcer",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2R1-x ant\u00e9rieures \u00e0 24.2R1-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.4R1-x ant\u00e9rieures \u00e0 24.4R1-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S12",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4R1-x ant\u00e9rieures \u00e0 23.4R1-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-21913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21913"
    },
    {
      "name": "CVE-2021-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2025-60003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60003"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2024-50302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
    },
    {
      "name": "CVE-2026-21918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21918"
    },
    {
      "name": "CVE-2026-21903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21903"
    },
    {
      "name": "CVE-2026-21907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21907"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2026-21917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21917"
    },
    {
      "name": "CVE-2026-21909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21909"
    },
    {
      "name": "CVE-2026-21906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21906"
    },
    {
      "name": "CVE-2026-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21912"
    },
    {
      "name": "CVE-2021-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2026-21911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21911"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2026-21921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21921"
    },
    {
      "name": "CVE-2025-60007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60007"
    },
    {
      "name": "CVE-2026-21914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21914"
    },
    {
      "name": "CVE-2025-59961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59961"
    },
    {
      "name": "CVE-2026-21910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21910"
    },
    {
      "name": "CVE-2025-60011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60011"
    },
    {
      "name": "CVE-2026-21920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21920"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2026-21905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21905"
    },
    {
      "name": "CVE-2026-21908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21908"
    },
    {
      "name": "CVE-2026-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0203"
    }
  ],
  "initial_release_date": "2026-01-15T00:00:00",
  "last_revision_date": "2026-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0050",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60011",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21921",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21913",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-0203",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21907",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60003",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21911",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21909",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21903",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21917",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21914",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21908",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60007",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-59961",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21910",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21906",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21918",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21920",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21912",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2024-50302",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302"
    },
    {
      "published_at": "2026-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21905",
      "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-21913 (GCVE-0-2026-21913)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0050

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature