FKIE_CVE-2026-21914
Vulnerability from fkie_nvd - Published: 2026-01-15 21:16 - Updated: 2026-01-23 19:41
Severity ?
Summary
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).
If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.
This issue affects Junos OS on SRX Series:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R1-S1, 25.2R2.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA106015 | Vendor Advisory | |
| sirt@juniper.net | https://supportportal.juniper.net/JSA106015 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57F66641-003B-49D6-A9B9-AB300CFE3C93",
"versionEndExcluding": "22.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "EBB967BF-3495-476D-839A-9DBFCBE69F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8494546C-00EA-49B6-B6FA-FDE42CA5B1FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "8BB98579-FA33-4E41-A162-A46E9709FBD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "08E2562F-FB18-4347-8497-7D61B8157EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "60A1E37B-1990-44D9-87FE-300678243BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "D306ED88-8700-4FD4-8919-3C85728C04C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "11340C63-A638-420C-85C9-1B4438C88D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1A78CC80-E8B1-4CDA-BB35-A61833657FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "B227E831-30FF-4BE1-B8B2-31829A5610A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "1ADA814B-EF98-45B1-AF7A-0C89688F7CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "A6FB32DF-D062-4FB9-8777-452978BEC7B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "B3B6C811-5C10-4486-849D-5559B592350A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "078D61B9-A228-453C-9D20-6F9C6B20637F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "F1F136A0-021D-43FE-BDD3-AD7201F7FC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
"matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "175CCB13-76C0-44A4-A71D-41E22B92EB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "166BFDB3-1945-4949-BC2B-E18442FF2E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "5923610F-878C-48CA-8B5D-9C609E4DD4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "A7C207E3-0252-4192-8E8C-E2ED2831B4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*",
"matchCriteriaId": "E6974492-FE69-4340-8881-61C3329C1545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*",
"matchCriteriaId": "279E59FE-96DF-4E1D-A3A2-61D180F04533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*",
"matchCriteriaId": "89524D6D-0B22-4952-AD8E-8072C5A05D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "AD69A194-1B03-44EA-8092-79BD10C6F729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8463ADB4-B8A7-4D63-97A9-232ED713A21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FE68337F-106E-4317-A5B6-292B0159F577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "266B520A-482A-43F7-90F8-B9D64D30034F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "AC78BC9E-5DA7-4E42-9923-B49A0B7F3564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*",
"matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*",
"matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "0EEF1798-F3C2-4645-96E7-1E82368B184D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*",
"matchCriteriaId": "1B7572BB-9C77-4214-9C5F-CC83C7B93E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "CAADBF98-38BE-40E2-AF1B-9077DCED0809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "6C7B9DEB-7472-4010-8717-8050555C2FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5942B6E-AFC7-40E4-8007-68C804BD52E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\n\nIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S3,\n * 24.4 versions before 24.4R2-S2,\n * 25.2 versions before 25.2R1-S1, 25.2R2."
},
{
"lang": "es",
"value": "Una vulnerabilidad de bloqueo incorrecto en el plugin GTP de Juniper Networks Junos OS en la serie SRX permite a un atacante no autenticado y basado en red causar una denegaci\u00f3n de servicio (DoS).\n\nSi un dispositivo de la serie SRX recibe un mensaje de solicitud de modificaci\u00f3n de portador (Modify Bearer Request) del protocolo de tunelizaci\u00f3n GPRS (GTP) espec\u00edficamente malformado, se adquiere un bloqueo y nunca se libera. Esto resulta en que otros hilos no pueden adquirir un bloqueo por s\u00ed mismos, causando un tiempo de espera del watchdog que lleva a un fallo y reinicio del FPC. Este problema lleva a una interrupci\u00f3n completa del tr\u00e1fico hasta que el dispositivo se haya recuperado autom\u00e1ticamente.\n\nEste problema afecta a Junos OS en la serie SRX:\n\n * todas las versiones anteriores a 22.4R3-S8,\n * versiones 23.2 anteriores a 23.2R2-S5,\n * versiones 23.4 anteriores a 23.4R2-S6,\n * versiones 24.2 anteriores a 24.2R2-S3,\n * versiones 24.4 anteriores a 24.4R2-S2,\n * versiones 25.2 anteriores a 25.2R1-S1, 25.2R2."
}
],
"id": "CVE-2026-21914",
"lastModified": "2026-01-23T19:41:03.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "sirt@juniper.net",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2026-01-15T21:16:07.700",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA106015"
},
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA106015"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "sirt@juniper.net",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…