Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-60007 (GCVE-0-2025-60007)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:16 – Updated: 2026-03-16 18:18
VLAI?
EPSS
Title
Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash
Summary
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/ | vendor-advisory |
| https://kb.juniper.net/JSA103173 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) |
Date Public ?
2026-01-14 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:10:02.048889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:10:13.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"EX Series",
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\n\n\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\n\n\n\nThis issue affects:\n\nJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T18:18:52.683Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103173"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103173",
"defect": [
"1854693"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: A specifically crafted \u0027show chassis\u0027 command causes chassisd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
}
],
"value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-60007",
"datePublished": "2026-01-15T20:16:22.617Z",
"dateReserved": "2025-09-23T18:19:06.961Z",
"dateUpdated": "2026-03-16T18:18:52.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-60007",
"date": "2026-05-12",
"epss": "6e-05",
"percentile": "0.00325"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-60007\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2026-01-15T21:16:03.780\",\"lastModified\":\"2026-03-16T19:16:14.107\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\\n\\n\\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\u00a0\\n\\n\\n\\n * all versions before 22.4R3-S8,\\n * 23.2 versions before 23.2R2-S5,\\n * 23.4 versions before 23.4R2-S6,\\n * 24.2 versions before 24.2R2-S2,\\n * 24.4 versions before 24.4R2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.4\",\"matchCriteriaId\":\"57F66641-003B-49D6-A9B9-AB300CFE3C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1379EF30-AF04-4F98-8328-52A631F24737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E42A41-7965-456B-B0AF-9D3229CE4D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB1A77D6-D3AD-481B-979C-8F778530B175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A064B6B-A99B-4D8D-A62D-B00C7870BC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"40813417-A938-4F74-A419-8C5188A35486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FC1BA1A-DF0E-4B15-86BA-24C60E546732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB967BF-3495-476D-839A-9DBFCBE69F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E5688D6-DCA4-4550-9CD1-A3D792252129\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8494546C-00EA-49B6-B6FA-FDE42CA5B1FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BB98579-FA33-4E41-A162-A46E9709FBD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E2562F-FB18-4347-8497-7D61B8157EBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A1E37B-1990-44D9-87FE-300678243BE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D306ED88-8700-4FD4-8919-3C85728C04C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"11340C63-A638-420C-85C9-1B4438C88D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A78CC80-E8B1-4CDA-BB35-A61833657FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3B2FE1-C228-46BE-AC76-70C2687050AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1B16FF0-900F-4AEE-B670-A537139F6909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B227E831-30FF-4BE1-B8B2-31829A5610A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6FB32DF-D062-4FB9-8777-452978BEC7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B6C811-5C10-4486-849D-5559B592350A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"078D61B9-A228-453C-9D20-6F9C6B20637F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F136A0-021D-43FE-BDD3-AD7201F7FC03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"78481ABC-3620-410D-BC78-334657E0BB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE8A5BA3-87BD-473A-B229-2AAB2C797005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B74AC3E-8FC9-400A-A176-4F7F21F10756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"175CCB13-76C0-44A4-A71D-41E22B92EB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"166BFDB3-1945-4949-BC2B-E18442FF2E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5923610F-878C-48CA-8B5D-9C609E4DD4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7C207E3-0252-4192-8E8C-E2ED2831B4F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6974492-FE69-4340-8881-61C3329C1545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"279E59FE-96DF-4E1D-A3A2-61D180F04533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"89524D6D-0B22-4952-AD8E-8072C5A05D5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD69A194-1B03-44EA-8092-79BD10C6F729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8463ADB4-B8A7-4D63-97A9-232ED713A21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE68337F-106E-4317-A5B6-292B0159F577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"266B520A-482A-43F7-90F8-B9D64D30034F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C452BDCB-34E3-42D3-8909-2312356EB70A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8158F2-2028-40E9-955F-CFD581A32F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7233A1-EC7A-4458-9AE1-835480A03A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74087E2-5CAA-4085-8408-EB70EC1D5D91\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B3302CB-457F-4BD2-B80B-F70FB4C4542E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979C3597-C53B-4F4B-9EA7-126DA036C86D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47DAF5E7-E610-4D74-8573-41C16D642837\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"152FD759-F5D2-4ACE-ADD6-7FE89B31D961\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2521C83-E8F2-4621-9727-75BB3FC11E64\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F496D19-D28C-4517-90A3-90EC62BC5D79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DA4A8C7-EBC0-449E-BD37-69FABDC917C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E594D6DC-87F6-40D2-8268-ED6021462168\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1BB20B5-EA30-4E8E-9055-2E629648436A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B425BB1-3C78-42B1-A6C1-216E514191F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86E82CE3-F43D-4B29-A64D-B14ADB6CC357\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13C0199E-B9F0-41D3-B625-083990517CDF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8790B456-DFC7-4E82-9A0C-C89787139B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84F7BB7E-3A52-4C23-A4D2-50E75C912AFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27175D9A-CA2C-4218-8042-835E25DFCA43\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C7FC57-8ACF-45AA-A227-7E3B350FD24F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2754C2DF-DF6E-4109-9463-38B4E0465B77\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A26704-A6A4-4C4F-9E12-A0A0259491EF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104858BD-D31D-40E0-8524-2EC311F10EAC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5E08E1E-0FE4-4294-9497-BBFFECA2A220\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEBF85C-736A-4E7D-956A-3E8210D4F70B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE06B18-BFB5-4029-A05D-386CFBFBF683\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A1DCCD-208C-46D9-8E14-89592B49AB9A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9DC32-5ADF-4430-B1A6-357D0B29DB78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B82D4C4-7A65-409A-926F-33C054DCBFBA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE535749-F4CE-4FFA-B23D-BF09C92481E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5942B6E-AFC7-40E4-8007-68C804BD52E3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC5F6F5-4347-49D3-909A-27A3A96D36C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"826F893F-7B06-43B5-8653-A8D9794C052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BA6B86-D3F4-4496-AE46-AC513C6560FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"462CFD52-D3E2-4F7A-98AC-C589D2420556\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FDDC897-747F-44DD-9599-7266F9B5B7B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CA098D-CBE4-4E62-9EC0-43E1B6098710\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F474D4-79B6-4525-983C-9A9011BD958B\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA103173\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://supportportal.juniper.net/\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-60007\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-15T21:10:02.048889Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-15T21:10:08.169Z\"}}], \"cna\": {\"title\": \"Junos OS: A specifically crafted \u0027show chassis\u0027 command causes chassisd to crash\", \"source\": {\"defect\": [\"1854693\"], \"advisory\": \"JSA103173\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 6.8, \"Automatable\": \"YES\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.4R3-S8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4\", \"lessThan\": \"24.4R2\", \"versionType\": \"semver\"}], \"platforms\": [\"MX Series\", \"EX Series\", \"SRX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2026-01-14T17:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA103173\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\\n\\n\\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\\u00a0\\n\\n\\n\\n * all versions before 22.4R3-S8,\\n * 23.2 versions before 23.2R2-S5,\\n * 23.4 versions before 23.4R2-S6,\\n * 24.2 versions before 24.2R2-S2,\\n * 24.4 versions before 24.4R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476 NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2026-03-16T18:18:52.683Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-60007\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-16T18:18:52.683Z\", \"dateReserved\": \"2025-09-23T18:19:06.961Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2026-01-15T20:16:22.617Z\", \"assignerShortName\": \"juniper\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-60007
Vulnerability from fkie_nvd - Published: 2026-01-15 21:16 - Updated: 2026-03-16 19:16
Severity ?
Summary
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA103173 | Vendor Advisory | |
| sirt@juniper.net | https://supportportal.juniper.net/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57F66641-003B-49D6-A9B9-AB300CFE3C93",
"versionEndExcluding": "22.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8494546C-00EA-49B6-B6FA-FDE42CA5B1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "8BB98579-FA33-4E41-A162-A46E9709FBD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08E2562F-FB18-4347-8497-7D61B8157EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "60A1E37B-1990-44D9-87FE-300678243BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "D306ED88-8700-4FD4-8919-3C85728C04C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "11340C63-A638-420C-85C9-1B4438C88D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "1ADA814B-EF98-45B1-AF7A-0C89688F7CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "A6FB32DF-D062-4FB9-8777-452978BEC7B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "B3B6C811-5C10-4486-849D-5559B592350A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "078D61B9-A228-453C-9D20-6F9C6B20637F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "F1F136A0-021D-43FE-BDD3-AD7201F7FC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
"matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "175CCB13-76C0-44A4-A71D-41E22B92EB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "166BFDB3-1945-4949-BC2B-E18442FF2E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "5923610F-878C-48CA-8B5D-9C609E4DD4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A7C207E3-0252-4192-8E8C-E2ED2831B4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "E6974492-FE69-4340-8881-61C3329C1545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "279E59FE-96DF-4E1D-A3A2-61D180F04533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*",
"matchCriteriaId": "89524D6D-0B22-4952-AD8E-8072C5A05D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "AD69A194-1B03-44EA-8092-79BD10C6F729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8463ADB4-B8A7-4D63-97A9-232ED713A21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FE68337F-106E-4317-A5B6-292B0159F577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "266B520A-482A-43F7-90F8-B9D64D30034F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC78BC9E-5DA7-4E42-9923-B49A0B7F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*",
"matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152FD759-F5D2-4ACE-ADD6-7FE89B31D961",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4100-h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA4A8C7-EBC0-449E-BD37-69FABDC917C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8790B456-DFC7-4E82-9A0C-C89787139B79",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
"matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5942B6E-AFC7-40E4-8007-68C804BD52E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\n\n\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\n\n\n\nThis issue affects:\n\nJunos OS on MX, SRX and EX Series, except MX10000 Series and MX304:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desreferencia de puntero nulo en el demonio de chasis (chassisd) de Juniper Networks Junos OS en las series MX, SRX y EX permite a un atacante local con privilegios bajos causar una denegaci\u00f3n de servicio (DoS).\n\nCuando un usuario ejecuta el comando \u0027show chassis\u0027 con opciones espec\u00edficamente dise\u00f1adas, chassisd se bloquear\u00e1 y reiniciar\u00e1. Debido a esto, todos los componentes excepto el Routing Engine (RE) en el chasis se reinicializan, lo que lleva a una interrupci\u00f3n completa del servicio, de la cual el sistema se recupera autom\u00e1ticamente.\n\nEste problema afecta:\n\nJunos OS en las series MX, SRX y EX:\n\n * todas las versiones anteriores a 22.4R3-S8,\n * versiones 23.2 anteriores a 23.2R2-S5,\n * versiones 23.4 anteriores a 23.4R2-S6,\n * versiones 24.2 anteriores a 24.2R2-S2,\n * versiones 24.4 anteriores a 24.4R2."
}
],
"id": "CVE-2025-60007",
"lastModified": "2026-03-16T19:16:14.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2026-01-15T21:16:03.780",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA103173"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
}
CERTFR-2026-AVI-0050
Vulnerability from certfr_avis - Published: 2026-01-15 - Updated: 2026-01-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 23.4R2-x antérieures à 23.4R2-S6 | ||
| Juniper Networks | Junos Space | Policy Enforcer versions antérieures à 24.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2R3-x antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2R3-x antérieures à 21.2R3-S10 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2R2-x antérieures à 24.2R2-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2R2-x antérieures à 24.2R2-S3 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4R3-x antérieures à 22.4R3-S9-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 25.2R1-x antérieures à 25.2R1-S2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.3R3-x antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | Policy Enforcer | Policy Enforcer versions antérieures à 24.1R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 22.4R3-x antérieures à 22.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2R1-x antérieures à 24.2R1-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2R2-x antérieures à 23.2R2-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.4R2-x antérieures à 24.4R2-S2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4R3-x antérieures à 21.4R3-S7-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2R3-x antérieures à 22.2R3-S7 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2R2-x antérieures à 23.2R2-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.4R1-x antérieures à 24.4R1-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4R3-x antérieures à 21.4R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS versions 22.3R3-x antérieures à 22.3R3-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.4R2-x antérieures à 24.4R2-S1-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4R2-x antérieures à 23.4R2-S6-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4R1-x antérieures à 23.4R1-S2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R5",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2R3-x ant\u00e9rieures \u00e0 21.2R3-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S9-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 25.2R1-x ant\u00e9rieures \u00e0 25.2R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R3",
"product": {
"name": "Policy Enforcer",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2R1-x ant\u00e9rieures \u00e0 24.2R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R1-x ant\u00e9rieures \u00e0 24.4R1-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4R1-x ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21913"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2025-60003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60003"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2026-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21918"
},
{
"name": "CVE-2026-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21903"
},
{
"name": "CVE-2026-21907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21907"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2026-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21917"
},
{
"name": "CVE-2026-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21909"
},
{
"name": "CVE-2026-21906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21906"
},
{
"name": "CVE-2026-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21912"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2026-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21911"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2026-21921",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21921"
},
{
"name": "CVE-2025-60007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60007"
},
{
"name": "CVE-2026-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21914"
},
{
"name": "CVE-2025-59961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59961"
},
{
"name": "CVE-2026-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21910"
},
{
"name": "CVE-2025-60011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60011"
},
{
"name": "CVE-2026-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21920"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2026-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21905"
},
{
"name": "CVE-2026-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21908"
},
{
"name": "CVE-2026-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0203"
}
],
"initial_release_date": "2026-01-15T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0050",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60011",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21921",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21913",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-0203",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21907",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60003",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21911",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21909",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21903",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21917",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21914",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21908",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60007",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-59961",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21910",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21906",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21918",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21920",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21912",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2024-50302",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21905",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905"
}
]
}
NCSC-2026-0017
Vulnerability from csaf_ncscnl - Published: 2026-01-16 10:07 - Updated: 2026-01-16 10:07Summary
Kwetsbaarheden verholpen in Juniper Networks JunOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Juniper heeft kwetsbaarheden verholpen in Junos OS (Specifiek voor SRX en MX Series apparaten).
Interpretaties: De kwetsbaarheden in Junos OS omvatten verschillende problemen, waaronder clickjacking, Denial-of-Service (DoS) door malformed packets, en kwetsbaarheden die kunnen worden misbruikt door ongeauthenticeerde aanvallers. Deze kwetsbaarheden kunnen leiden tot serviceonderbrekingen, netwerkinstabiliteit en ongeautoriseerde acties door gebruikers. De technische details van deze kwetsbaarheden vereisen aandacht van beveiligingsbeheerders om de impact op hun netwerkinfrastructuur te beoordelen.
Oplossingen: Juniper heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: medium
CWE-121: Stack-based Buffer Overflow
CWE-126: Buffer Over-read
CWE-252: Unchecked Return Value
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-415: Double Free
CWE-416: Use After Free
CWE-476: NULL Pointer Dereference
CWE-665: Improper Initialization
CWE-667: Improper Locking
CWE-682: Incorrect Calculation
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-755: Improper Handling of Exceptional Conditions
CWE-822: Untrusted Pointer Dereference
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-908: Use of Uninitialized Resource
CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CWE-1286: Improper Validation of Syntactic Correctness of Input
CWE-1419: Incorrect Initialization of Resource
A clickjacking vulnerability in Juniper Networks Paragon Automation web portal, affecting all versions prior to 24.1.1, allows attackers to manipulate user interactions due to improper HTTP header settings.
6.1 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos Space's TLS/SSL server allows static key ciphers, compromising confidentiality and lacking Perfect Forward Secrecy in all versions prior to 24.1R5.
5.9 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A NULL Pointer Dereference vulnerability in Juniper Networks' Junos OS chassis daemon allows low-privileged local attackers to execute a command that causes a Denial-of-Service, resulting in temporary service outages.
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos OS allows unauthenticated attackers to exploit malformed ICMPv4 packets, resulting in a crash and restart of the FPC, leading to a Denial of Service (DoS).
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A Stack-based Buffer Overflow vulnerability in Juniper Networks' Junos OS enables low-privileged attackers to trigger Denial-of-Service conditions by subscribing to telemetry sensors, affecting specific OS versions.
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks' Junos OS on SRX Series allows unauthenticated attackers to crash the packet forwarding engine via a specific ICMP packet sent through a GRE tunnel, causing traffic loss.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series can be exploited by unauthenticated attackers, leading to Denial-of-Service due to lock management failures.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows unauthenticated attackers to cause a Denial-of-Service (DoS) by sending malformed SSL packets, leading to device crashes.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series can allow unauthenticated attackers to cause Denial-of-Service (DoS) through specially crafted DNS requests.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks' Junos OS and Junos OS Evolved allows local, authenticated attackers to execute a command that causes a Denial-of-Service by crashing the routing protocol daemon under specific conditions.
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper's DHCP service allows clients to exhaust address pools across subnets, leading to a Denial of Service on the DHCP server due to improper Option 82 handling in specific configurations.
7.4 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in the Juniper DHCP daemon allows low-privileged local users to gain administrative control over the DHCP service, impacting multiple versions of Junos OS and Junos OS Evolved.
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A Buffer Over-read vulnerability in Juniper Networks' Junos OS allows unauthenticated attackers to crash the routing protocol daemon (rpd) via specific BGP updates from non-4-byte-AS capable peers, leading to a Denial-of-Service (DoS).
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks' Junos OS allows unauthenticated attackers to disrupt BGP sessions, affecting the availability of downstream devices through malformed attributes.
5.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A Use After Free vulnerability in Juniper Networks' 802.1X authentication daemon could allow an authenticated attacker to crash the process or execute arbitrary code during port authorization changes.
7.1 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks' Junos OS and Junos OS Evolved allows unauthenticated attackers to exploit a memory leak in the routing protocol daemon, resulting in a Denial of Service condition.
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A Use After Free vulnerability in Juniper Networks' Junos OS allows low-privileged attackers to exploit telemetry sensor subscriptions, resulting in Denial-of-Service by crashing critical processes.
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
Multiple updates across SUSE Linux Enterprise kernels (15 SP2 to SP6) and Linux Kernel versions addressed various security vulnerabilities, including use-after-free issues, memory leaks, and specific bugs in network handling and Bluetooth functionalities.
7.8 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos OS Evolved's Layer 2 Control Protocol Daemon allows unauthenticated attackers to disrupt MAC learning, resulting in high CPU usage and excessive logging.
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos OS on EX4000 models allows unauthenticated attackers to cause Denial-of-Service by overwhelming the device with traffic, resulting in service outages.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos OS on EX4k and QFX5k Series platforms allows unauthenticated attackers to cause Denial of Service by flapping an interface, resulting in dropped traffic between specific VXLAN Network Identifiers.
6.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A TOCTOU race condition vulnerability in Juniper Networks Junos OS allows low-privileged attackers to reset specific line cards, potentially causing further system crashes.
5.5 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A vulnerability in Juniper Networks Junos OS allows unauthenticated attackers to crash the flow management process via specific TCP SIP messages, leading to a Denial of Service on affected SRX and MX Series devices.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
A Double Free vulnerability in Juniper Networks' Junos OS on SRX and MX Series allows unauthenticated attackers to exploit TCP session establishment, leading to Denial-of-Service across multiple software versions.
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Juniper Networks / Junos OS
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos OS Evolved
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Junos Space
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Paragon Automation (Pathfinder, Planner, Insights)
|
vers:unknown/* | ||
|
vers:unknown/*
Juniper Networks / Spac
|
vers:unknown/* |
References
44 references
| URL | Category |
|---|---|
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://supportportal.juniper.net/s/article/2026-… | external |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Juniper heeft kwetsbaarheden verholpen in Junos OS (Specifiek voor SRX en MX Series apparaten).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Junos OS omvatten verschillende problemen, waaronder clickjacking, Denial-of-Service (DoS) door malformed packets, en kwetsbaarheden die kunnen worden misbruikt door ongeauthenticeerde aanvallers. Deze kwetsbaarheden kunnen leiden tot serviceonderbrekingen, netwerkinstabiliteit en ongeautoriseerde acties door gebruikers. De technische details van deze kwetsbaarheden vereisen aandacht van beveiligingsbeheerders om de impact op hun netwerkinfrastructuur te beoordelen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Juniper heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "medium",
"title": "Schade"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "general",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "general",
"text": "Incorrect Calculation",
"title": "CWE-682"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "general",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Incorrect Initialization of Resource",
"title": "CWE-1419"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906"
},
{
"category": "external",
"summary": "Reference",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903"
}
],
"title": "Kwetsbaarheden verholpen in Juniper Networks JunOS",
"tracking": {
"current_release_date": "2026-01-16T10:07:39.310560Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0017",
"initial_release_date": "2026-01-16T10:07:39.310560Z",
"revision_history": [
{
"date": "2026-01-16T10:07:39.310560Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Junos OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Junos OS Evolved"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Junos Space"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Paragon Automation (Pathfinder, Planner, Insights)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Spac"
}
],
"category": "vendor",
"name": "Juniper Networks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52987",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "description",
"text": "A clickjacking vulnerability in Juniper Networks Paragon Automation web portal, affecting all versions prior to 24.1.1, allows attackers to manipulate user interactions due to improper HTTP header settings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-52987"
},
{
"cve": "CVE-2026-21907",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "other",
"text": "Use of a Broken or Risky Cryptographic Algorithm",
"title": "CWE-327"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos Space\u0027s TLS/SSL server allows static key ciphers, compromising confidentiality and lacking Perfect Forward Secrecy in all versions prior to 24.1R5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/RE:M/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21907.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21907"
},
{
"cve": "CVE-2025-60007",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "A NULL Pointer Dereference vulnerability in Juniper Networks\u0027 Junos OS chassis daemon allows low-privileged local attackers to execute a command that causes a Denial-of-Service, resulting in temporary service outages.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60007 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60007.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-60007"
},
{
"cve": "CVE-2026-0203",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos OS allows unauthenticated attackers to exploit malformed ICMPv4 packets, resulting in a crash and restart of the FPC, leading to a Denial of Service (DoS).",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0203 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0203.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-0203"
},
{
"cve": "CVE-2026-21903",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "description",
"text": "A Stack-based Buffer Overflow vulnerability in Juniper Networks\u0027 Junos OS enables low-privileged attackers to trigger Denial-of-Service conditions by subscribing to telemetry sensors, affecting specific OS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21903 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21903.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21903"
},
{
"cve": "CVE-2026-21906",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks\u0027 Junos OS on SRX Series allows unauthenticated attackers to crash the packet forwarding engine via a specific ICMP packet sent through a GRE tunnel, causing traffic loss.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21906"
},
{
"cve": "CVE-2026-21914",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "other",
"text": "Improper Locking",
"title": "CWE-667"
},
{
"category": "description",
"text": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series can be exploited by unauthenticated attackers, leading to Denial-of-Service due to lock management failures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21914 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21914.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21914"
},
{
"cve": "CVE-2026-21917",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "description",
"text": "A vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows unauthenticated attackers to cause a Denial-of-Service (DoS) by sending malformed SSL packets, leading to device crashes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21917 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21917.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21917"
},
{
"cve": "CVE-2026-21920",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "description",
"text": "An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series can allow unauthenticated attackers to cause Denial-of-Service (DoS) through specially crafted DNS requests.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21920 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21920"
},
{
"cve": "CVE-2025-59959",
"cwe": {
"id": "CWE-822",
"name": "Untrusted Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "Untrusted Pointer Dereference",
"title": "CWE-822"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks\u0027 Junos OS and Junos OS Evolved allows local, authenticated attackers to execute a command that causes a Denial-of-Service by crashing the routing protocol daemon under specific conditions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59959.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-59959"
},
{
"cve": "CVE-2025-59960",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "description",
"text": "A vulnerability in Juniper\u0027s DHCP service allows clients to exhaust address pools across subnets, leading to a Denial of Service on the DHCP server due to improper Option 82 handling in specific configurations.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59960 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59960.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-59960"
},
{
"cve": "CVE-2025-59961",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "description",
"text": "A vulnerability in the Juniper DHCP daemon allows low-privileged local users to gain administrative control over the DHCP service, impacting multiple versions of Junos OS and Junos OS Evolved.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59961 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-59961"
},
{
"cve": "CVE-2025-60003",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "A Buffer Over-read vulnerability in Juniper Networks\u0027 Junos OS allows unauthenticated attackers to crash the routing protocol daemon (rpd) via specific BGP updates from non-4-byte-AS capable peers, leading to a Denial-of-Service (DoS).",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60003 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60003.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-60003"
},
{
"cve": "CVE-2025-60011",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks\u0027 Junos OS allows unauthenticated attackers to disrupt BGP sessions, affecting the availability of downstream devices through malformed attributes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-60011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-60011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2025-60011"
},
{
"cve": "CVE-2026-21908",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A Use After Free vulnerability in Juniper Networks\u0027 802.1X authentication daemon could allow an authenticated attacker to crash the process or execute arbitrary code during port authorization changes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21908.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21908"
},
{
"cve": "CVE-2026-21909",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks\u0027 Junos OS and Junos OS Evolved allows unauthenticated attackers to exploit a memory leak in the routing protocol daemon, resulting in a Denial of Service condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21909 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21909.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21909"
},
{
"cve": "CVE-2026-21921",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "A Use After Free vulnerability in Juniper Networks\u0027 Junos OS allows low-privileged attackers to exploit telemetry sensor subscriptions, resulting in Denial-of-Service by crashing critical processes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21921 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21921.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21921"
},
{
"cve": "CVE-2024-50302",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "other",
"text": "Improper Initialization",
"title": "CWE-665"
},
{
"category": "other",
"text": "Use of Uninitialized Resource",
"title": "CWE-908"
},
{
"category": "description",
"text": "Multiple updates across SUSE Linux Enterprise kernels (15 SP2 to SP6) and Linux Kernel versions addressed various security vulnerabilities, including use-after-free issues, memory leaks, and specific bugs in network handling and Bluetooth functionalities.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-50302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2024-50302"
},
{
"cve": "CVE-2026-21911",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"notes": [
{
"category": "other",
"text": "Incorrect Calculation",
"title": "CWE-682"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos OS Evolved\u0027s Layer 2 Control Protocol Daemon allows unauthenticated attackers to disrupt MAC learning, resulting in high CPU usage and excessive logging.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21911 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21911.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21911"
},
{
"cve": "CVE-2026-21913",
"cwe": {
"id": "CWE-1419",
"name": "Incorrect Initialization of Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Initialization of Resource",
"title": "CWE-1419"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos OS on EX4000 models allows unauthenticated attackers to cause Denial-of-Service by overwhelming the device with traffic, resulting in service outages.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21913 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21913.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21913"
},
{
"cve": "CVE-2026-21910",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos OS on EX4k and QFX5k Series platforms allows unauthenticated attackers to cause Denial of Service by flapping an interface, resulting in dropped traffic between specific VXLAN Network Identifiers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21910 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21910.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21910"
},
{
"cve": "CVE-2026-21912",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "description",
"text": "A TOCTOU race condition vulnerability in Juniper Networks Junos OS allows low-privileged attackers to reset specific line cards, potentially causing further system crashes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21912 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21912.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21912"
},
{
"cve": "CVE-2026-21905",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "A vulnerability in Juniper Networks Junos OS allows unauthenticated attackers to crash the flow management process via specific TCP SIP messages, leading to a Denial of Service on affected SRX and MX Series devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21905 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21905.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21905"
},
{
"cve": "CVE-2026-21918",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "A Double Free vulnerability in Juniper Networks\u0027 Junos OS on SRX and MX Series allows unauthenticated attackers to exploit TCP session establishment, leading to Denial-of-Service across multiple software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21918 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21918.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5"
]
}
],
"title": "CVE-2026-21918"
}
]
}
GHSA-XFQ5-FXGC-9GRJ
Vulnerability from github – Published: 2026-01-15 21:31 – Updated: 2026-03-16 21:34
VLAI?
Details
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series:
- all versions before 22.4R3-S8,
- 23.2 versions before 23.2R2-S5,
- 23.4 versions before 23.4R2-S6,
- 24.2 versions before 24.2R2-S2,
- 24.4 versions before 24.4R2.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-60007"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-15T21:16:03Z",
"severity": "MODERATE"
},
"details": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\n\n\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\n\n\n\nThis issue affects:\n\nJunos OS on MX, SRX and EX Series:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2.",
"id": "GHSA-xfq5-fxgc-9grj",
"modified": "2026-03-16T21:34:29Z",
"published": "2026-01-15T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60007"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA103173"
},
{
"type": "WEB",
"url": "https://supportportal.juniper.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"type": "CVSS_V4"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…