Vulnerability-Lookup

WID-SEC-W-2026-0117

Vulnerability from csaf_certbund - Published: 2026-01-14 23:00 - Updated: 2026-01-15 23:00

Summary

Juniper Junos OS, Junos Space: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS und Juniper Junos Space ausnutzen, um falsche Informationen darzustellen, beliebigen Code mit Root-Rechten auszuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2025-52987

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Paragon Automation (Pathfinder, Planner, Insights) <24.1.1 Juniper / JUNOS		Paragon Automation (Pathfinder, Planner, Insights) <24.1.1

CVE-2026-21907

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper Junos Space <24.1R5 Juniper / Junos Space		<24.1R5

CVE-2025-60007

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-0203

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-21903

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-21906

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series

CVE-2026-21914

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series

CVE-2026-21917

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series

CVE-2026-21920

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series

CVE-2025-59959

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2025-59960

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2025-59961

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2025-60003

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2025-60011

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-21908

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-21909

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2026-21921

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS

CVE-2024-50302

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved

CVE-2026-21911

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS Evolved Juniper / JUNOS	`cpe:/o:juniper:junos:os_evolved`	OS Evolved

CVE-2026-21913

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS OS EX4000 Juniper / JUNOS	`cpe:/o:juniper:junos:os_ex4000`	OS EX4000

CVE-2026-21910

Affected products

Known affected 3 products

Product	Identifier	Version
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS
Juniper JUNOS OS QFX5k Juniper / JUNOS	`cpe:/o:juniper:junos:os_qfx5k`	OS QFX5k
Juniper JUNOS OS EX4k Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_ex4k_series`	OS EX4k Series

CVE-2026-21912

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS
Juniper JUNOS OS MX10k Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_mx10k_series`	OS MX10k Series

CVE-2026-21905

Affected products

Known affected 6 products

Product	Identifier	Version
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series
Juniper JUNOS Paragon Automation (Pathfinder, Planner, Insights) <24.1.1 Juniper / JUNOS		Paragon Automation (Pathfinder, Planner, Insights) <24.1.1
Juniper JUNOS OS MX Series with MS-MPC Juniper / JUNOS	`cpe:/o:juniper:junos:os_mx_series_with_ms-mpc`	OS MX Series with MS-MPC
Juniper JUNOS OS MX Series with MX-SPC3 Juniper / JUNOS	`cpe:/o:juniper:junos:os_mx_series_with_mx-spc3`	OS MX Series with MX-SPC3
Juniper JUNOS OS SRX and MX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_and_mx_series`	OS SRX and MX Series

CVE-2026-21918

Affected products

Known affected 6 products

Product	Identifier	Version
Juniper JUNOS OS Juniper / JUNOS	`cpe:/o:juniper:junos:os`	OS
Juniper JUNOS OS SRX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_series`	OS SRX Series
Juniper JUNOS Paragon Automation (Pathfinder, Planner, Insights) <24.1.1 Juniper / JUNOS		Paragon Automation (Pathfinder, Planner, Insights) <24.1.1
Juniper JUNOS OS MX Series with MS-MPC Juniper / JUNOS	`cpe:/o:juniper:junos:os_mx_series_with_ms-mpc`	OS MX Series with MS-MPC
Juniper JUNOS OS MX Series with MX-SPC3 Juniper / JUNOS	`cpe:/o:juniper:junos:os_mx_series_with_mx-spc3`	OS MX Series with MX-SPC3
Juniper JUNOS OS SRX and MX Series Juniper / JUNOS	`cpe:/o:juniper:junos:os_srx_and_mx_series`	OS SRX and MX Series

References

27 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://supportportal.juniper.net/s/global-search…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external
https://supportportal.juniper.net/s/article/2026-…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nJunos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS und Juniper Junos Space ausnutzen, um falsche Informationen darzustellen, beliebigen Code mit Root-Rechten auszuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0117 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0117.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0117 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0117"
      },
      {
        "category": "external",
        "summary": "Juniper Patchday vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=100"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-DHCP-Option-82-messages-from-clients-being-passed-unmodified-to-the-DHCP-server-CVE-2025-59960"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-show-command-leads-to-an-rpd-crash-CVE-2025-59959"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2026-01-14",
        "url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Paragon-Automation-A-clickjacking-vulnerability-in-the-web-server-configuration-has-been-addressed-CVE-2025-52987"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper Junos OS, Junos Space: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-16T09:16:13.074+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0117",
      "initial_release_date": "2026-01-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-15T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-2697, EUVD-2026-2689, EUVD-2026-2683, EUVD-2026-2700, EUVD-2026-2692, EUVD-2026-2681, EUVD-2026-2713, EUVD-2026-2703, EUVD-2026-2702, EUVD-2026-2685, EUVD-2026-2693, EUVD-2026-2696, EUVD-2026-2694, EUVD-2026-2682, EUVD-2026-2690, EUVD-2026-2688, EUVD-2026-2698, EUVD-2026-2687, EUVD-2026-2718, EUVD-2026-2705, EUVD-2026-2709, EUVD-2026-2712, EUVD-2026-2699"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Paragon Automation (Pathfinder, Planner, Insights) \u003c24.1.1",
                "product": {
                  "name": "Juniper JUNOS Paragon Automation (Pathfinder, Planner, Insights) \u003c24.1.1",
                  "product_id": "T049965"
                }
              },
              {
                "category": "product_version",
                "name": "Paragon Automation (Pathfinder, Planner, Insights) 24.1.1",
                "product": {
                  "name": "Juniper JUNOS Paragon Automation (Pathfinder, Planner, Insights) 24.1.1",
                  "product_id": "T049965-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:paragon_automation_%2528pathfinder_planner_insights%2529__24.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS SRX Series",
                "product": {
                  "name": "Juniper JUNOS OS SRX Series",
                  "product_id": "T049977",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_srx_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS",
                "product": {
                  "name": "Juniper JUNOS OS",
                  "product_id": "T049978",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS Evolved",
                "product": {
                  "name": "Juniper JUNOS OS Evolved",
                  "product_id": "T049979",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_evolved"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS EX4000",
                "product": {
                  "name": "Juniper JUNOS OS EX4000",
                  "product_id": "T049980",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_ex4000"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS EX4k Series",
                "product": {
                  "name": "Juniper JUNOS OS EX4k Series",
                  "product_id": "T049981",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_ex4k_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS QFX5k",
                "product": {
                  "name": "Juniper JUNOS OS QFX5k",
                  "product_id": "T049982",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_qfx5k"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS MX10k Series",
                "product": {
                  "name": "Juniper JUNOS OS MX10k Series",
                  "product_id": "T049983",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_mx10k_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS SRX and MX Series",
                "product": {
                  "name": "Juniper JUNOS OS SRX and MX Series",
                  "product_id": "T049984",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_srx_and_mx_series"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS MX Series with MX-SPC3",
                "product": {
                  "name": "Juniper JUNOS OS MX Series with MX-SPC3",
                  "product_id": "T049985",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_mx_series_with_mx-spc3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "OS MX Series with MS-MPC",
                "product": {
                  "name": "Juniper JUNOS OS MX Series with MS-MPC",
                  "product_id": "T049986",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:os_mx_series_with_ms-mpc"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c24.1R5",
                "product": {
                  "name": "Juniper Junos Space \u003c24.1R5",
                  "product_id": "T049987"
                }
              },
              {
                "category": "product_version",
                "name": "24.1R5",
                "product": {
                  "name": "Juniper Junos Space 24.1R5",
                  "product_id": "T049987-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:24.1r5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-52987",
      "product_status": {
        "known_affected": [
          "T049965"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-52987"
    },
    {
      "cve": "CVE-2026-21907",
      "product_status": {
        "known_affected": [
          "T049987"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21907"
    },
    {
      "cve": "CVE-2025-60007",
      "product_status": {
        "known_affected": [
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-60007"
    },
    {
      "cve": "CVE-2026-0203",
      "product_status": {
        "known_affected": [
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-0203"
    },
    {
      "cve": "CVE-2026-21903",
      "product_status": {
        "known_affected": [
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21903"
    },
    {
      "cve": "CVE-2026-21906",
      "product_status": {
        "known_affected": [
          "T049977"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21906"
    },
    {
      "cve": "CVE-2026-21914",
      "product_status": {
        "known_affected": [
          "T049977"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21914"
    },
    {
      "cve": "CVE-2026-21917",
      "product_status": {
        "known_affected": [
          "T049977"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21917"
    },
    {
      "cve": "CVE-2026-21920",
      "product_status": {
        "known_affected": [
          "T049977"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21920"
    },
    {
      "cve": "CVE-2025-59959",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-59959"
    },
    {
      "cve": "CVE-2025-59960",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-59960"
    },
    {
      "cve": "CVE-2025-59961",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-59961"
    },
    {
      "cve": "CVE-2025-60003",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-60003"
    },
    {
      "cve": "CVE-2025-60011",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2025-60011"
    },
    {
      "cve": "CVE-2026-21908",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21908"
    },
    {
      "cve": "CVE-2026-21909",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21909"
    },
    {
      "cve": "CVE-2026-21921",
      "product_status": {
        "known_affected": [
          "T049979",
          "T049978"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21921"
    },
    {
      "cve": "CVE-2024-50302",
      "product_status": {
        "known_affected": [
          "T049979"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2024-50302"
    },
    {
      "cve": "CVE-2026-21911",
      "product_status": {
        "known_affected": [
          "T049979"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21911"
    },
    {
      "cve": "CVE-2026-21913",
      "product_status": {
        "known_affected": [
          "T049980"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21913"
    },
    {
      "cve": "CVE-2026-21910",
      "product_status": {
        "known_affected": [
          "T049978",
          "T049982",
          "T049981"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21910"
    },
    {
      "cve": "CVE-2026-21912",
      "product_status": {
        "known_affected": [
          "T049978",
          "T049983"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21912"
    },
    {
      "cve": "CVE-2026-21905",
      "product_status": {
        "known_affected": [
          "T049978",
          "T049977",
          "T049965",
          "T049986",
          "T049985",
          "T049984"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21905"
    },
    {
      "cve": "CVE-2026-21918",
      "product_status": {
        "known_affected": [
          "T049978",
          "T049977",
          "T049965",
          "T049986",
          "T049985",
          "T049984"
        ]
      },
      "release_date": "2026-01-14T23:00:00.000+00:00",
      "title": "CVE-2026-21918"
    }
  ]
}

CVE-2024-50302 (GCVE-0-2024-50302)

Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2026-05-23 15:55

Title

HID: core: zero-initialize the report buffer

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: active Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

Linux

References

13 references

URL	Tags
https://git.kernel.org/stable/c/e7ea60184e1e88a3c…
https://git.kernel.org/stable/c/3f9e88f2672c46359…
https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3…
https://git.kernel.org/stable/c/05ade5d4337867929…
https://git.kernel.org/stable/c/1884ab3d22536a5c1…
https://git.kernel.org/stable/c/9d9f5c75c0c7f3176…
https://git.kernel.org/stable/c/492015e6249fbcd42…
https://git.kernel.org/stable/c/177f25d1292c7e16e…
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource
https://lists.debian.org/debian-lts-announce/2025…
https://lists.debian.org/debian-lts-announce/2025…
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

6 products

Vendor	Product	Version
Linux	Linux	Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git) Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git) Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git) Affected: 3.10.16 , < 3.11 (semver) Affected: 3.11.5 , < 3.12 (semver)
Linux	Linux	Affected: 3.12 Unaffected: 0 , < 3.12 (semver) Unaffected: 4.19.324 , ≤ 4.19.* (semver) Unaffected: 5.4.286 , ≤ 5.4.* (semver) Unaffected: 5.10.230 , ≤ 5.10.* (semver) Unaffected: 5.15.172 , ≤ 5.15.* (semver) Unaffected: 6.1.117 , ≤ 6.1.* (semver) Unaffected: 6.6.61 , ≤ 6.6.* (semver) Unaffected: 6.11.8 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix)
Siemens	RUGGEDCOM RST2428P	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Unaffected: 0 , < * (custom)
Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 family	Unaffected: 0 , < * (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50302",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T04:55:26.718337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:35.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-04T00:00:00.000Z",
            "value": "CVE-2024-50302 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:28:19.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:01:00.886Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
              "status": "affected",
              "version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
              "versionType": "git"
            },
            {
              "lessThan": "3.11",
              "status": "affected",
              "version": "3.10.16",
              "versionType": "semver"
            },
            {
              "lessThan": "3.12",
              "status": "affected",
              "version": "3.11.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.11.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:55:02.106Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
        },
        {
          "url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
        },
        {
          "url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
        }
      ],
      "title": "HID: core: zero-initialize the report buffer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50302",
    "datePublished": "2024-11-19T01:30:51.300Z",
    "dateReserved": "2024-10-21T19:36:19.987Z",
    "dateUpdated": "2026-05-23T15:55:02.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-52987 (GCVE-0-2025-52987)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:10 – Updated: 2026-01-16 17:15

Title

Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

Summary

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker's control. This issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103145	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Juniper Networks	Paragon Automation (Pathfinder, Planner, Insights)	Affected: 0 , < 24.1.1 (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T17:15:04.101708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T17:15:12.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Paragon Automation (Pathfinder, Planner, Insights)",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "24.1.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application\u0027s failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker\u0027s control.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1.\u003c/p\u003e"
            }
          ],
          "value": "A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application\u0027s failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting with the interface under the attacker\u0027s control.\u00a0\n\nThis issue affects all versions of Paragon Automation (Pathfinder, Planner, Insights) before 24.1.1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:10:44.846Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103145"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e24.1.1\u003c/span\u003e, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\u00a024.1.1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103145",
        "defect": [
          "DV-6555"
        ],
        "discovery": "USER"
      },
      "title": "Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52987",
    "datePublished": "2026-01-15T20:10:44.846Z",
    "dateReserved": "2025-06-23T18:23:44.546Z",
    "dateUpdated": "2026-01-16T17:15:12.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59959 (GCVE-0-2025-59959)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:13 – Updated: 2026-01-16 16:37

Title

Junos OS and Junos OS Evolved: Executing a specific show command leads to an rpd crash

Summary

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart. 'show route ... extensive' is not affected. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-822 - Untrusted Pointer Dereference

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103148	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S5 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver)
Juniper Networks	Junos OS Evolved	Affected: 0 , < 22.4R3-S8-EVO (semver) Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T16:37:13.063421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T16:37:24.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S5",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue a BGP peering needs to be configured via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "To be exposed to this issue a BGP peering needs to be configured via:\n\n[ protocols bgp ... neighbor ... ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cp\u003eWhen the command \u0027show route \u0026lt; ( receive-protocol | advertising-protocol ) bgp \u0026gt; detail\u0027 is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart.\u003cbr\u003e\u0027show route ... extensive\u0027 is not affected.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS).\n\nWhen the command \u0027show route \u003c ( receive-protocol | advertising-protocol ) bgp \u003e detail\u0027 is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart.\n\u0027show route ... extensive\u0027 is not affected.\n\n\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S8-EVO,\u00a0\n  *  23.2 versions before 23.2R2-S5-EVO,\n  *  23.4 versions before 23.4R2-S6-EVO,\n  *  24.2 versions before 24.2R2-S2-EVO,\n  *  24.4 versions before 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822 Untrusted Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:13:21.483Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103148"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103148",
        "defect": [
          "1883803"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: Executing a specific show command leads to an rpd crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\u003cbr\u003eUtilize CLI authorization to disallow execution of the \u0027show route\u0027 command with the \u0027detail\u0027 option.\u003cbr\u003e"
            }
          ],
          "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\n\nUtilize CLI authorization to disallow execution of the \u0027show route\u0027 command with the \u0027detail\u0027 option."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-59959",
    "datePublished": "2026-01-15T20:13:21.483Z",
    "dateReserved": "2025-09-23T18:19:06.954Z",
    "dateUpdated": "2026-01-16T16:37:24.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59960 (GCVE-0-2025-59960)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:14 – Updated: 2026-01-16 16:27

Title

Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion. This issue affects Junos OS: * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S12, * all versions of 22.2, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R1-S1, 25.2R2. Junos OS Evolved: * all versions before 21.4R3-S12-EVO, * all versions of 22.2-EVO, * from 22.4 before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Severity

7.4 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.3 (Medium)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103149	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 21.2R3-S10 (semver) Affected: 21.4 , < 21.4R3-S12 (semver) Affected: 22.2 , < 22.2* (semver) Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver)
Juniper Networks	Junos OS Evolved	Affected: 0 , < 21.4R3-S12-EVO (semver) Affected: 22.2 , < 22.2* (semver) Affected: 22.4 , < 22.4R3-S8-EVO (semver) Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver) Affected: 25.2 , < 25.2R1-S1-EVO, 25.2R2-EVO (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T16:27:50.519720Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T16:27:58.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S12",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2*",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S1, 25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S12-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2*",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S1-EVO, 25.2R2-EVO",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ forwarding-options dhcp-relay forward-only ]\u003cbr\u003e\u003c/tt\u003e"
            }
          ],
          "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue:\n\n[ forwarding-options dhcp-relay forward-only ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.\u003cbr\u003e\u003cbr\u003e\n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in \u0027forward-only\u0027 mode with Option 82, the device should drop the message unless \u0027trust-option82\u0027 is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server\u0027s address pool, ultimately leading to address pool exhaustion.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S10,\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S12,\u003c/li\u003e\u003cli\u003eall versions of 22.2,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S12-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003eall versions of 22.2-EVO,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.\n\n\n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in \u0027forward-only\u0027 mode with Option 82, the device should drop the message unless \u0027trust-option82\u0027 is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server\u0027s address pool, ultimately leading to address pool exhaustion.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  all versions before 21.2R3-S10,\n  *  from 21.4 before 21.4R3-S12,\n  *  all versions of 22.2,\n  *  from 22.4 before 22.4R3-S8,\u00a0\n  *  from 23.2 before 23.2R2-S5,\u00a0\n  *  from 23.4 before 23.4R2-S6,\u00a0\n  *  from 24.2 before 24.2R2-S2,\u00a0\n  *  from 24.4 before 24.4R2,\u00a0\n  *  from 25.2 before 25.2R1-S1, 25.2R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 21.4R3-S12-EVO,\u00a0\n  *  all versions of 22.2-EVO,\n  *  from 22.4 before 22.4R3-S8-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S5-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S6-EVO,\u00a0\n  *  from 24.2 before 24.2R2-S2-EVO,\u00a0\n  *  from 24.4 before 24.4R2-EVO,\u00a0\n  *  from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:14:00.582Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103149"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003e\n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.\n\n\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\n\n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103149",
        "defect": [
          "1876407"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-14T17:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-59960",
    "datePublished": "2026-01-15T20:14:00.582Z",
    "dateReserved": "2025-09-23T18:19:06.954Z",
    "dateUpdated": "2026-01-16T16:27:58.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59961 (GCVE-0-2025-59961)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:14 – Updated: 2026-01-15 21:08

Title

Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable

Summary

An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource. This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay. This issue affects: Junos OS: * all versions before 21.2R3-S10, * all versions of 22.2, * from 21.4 before 21.4R3-S12, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R1-S1, 25.2R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L/AU:Y/R:A/V:C/RE:M/U:Green

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103150	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 21.2R3-S10 (semver) Affected: 21.4 , < 21.4R3-S12 (semver) Affected: 22.2 , < 22.2* (semver) Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver)
Juniper Networks	Junos OS Evolved	Affected: 0 , < 22.4R3-S8-EVO (semver) Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver) Affected: 25.2 , < 25.2R1-S1-EVO, 25.2R2-EVO (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:08:29.604883Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:08:37.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S12",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2*",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S1, 25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S1-EVO, 25.2R2-EVO",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eTo be affected by this issue, a device must be configured with either:\u003c/p\u003e\u003ccode\u003e  [ forwarding-options dhcp-relay group \u0026lt;group-name\u0026gt; interface ... ]\u003c/code\u003e\u003cbr\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e  [ system services dhcp-local-server group \u0026lt;group-name\u0026gt; interface ... ]\u003c/code\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "To be affected by this issue, a device must be configured with either:\n\n  [ forwarding-options dhcp-relay group \u003cgroup-name\u003e interface ... ]\nor\n\n  [ system services dhcp-local-server group \u003cgroup-name\u003e interface ... ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.\u003cbr\u003e\u003cbr\u003eThis vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S10,\u003c/li\u003e\u003cli\u003eall versions of 22.2,\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S12,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2, \u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1, 25.2R2; \u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-EVO, \u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.\n\nThis vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.\n\nThis issue affects:\n Junos OS: \n  *  all versions before 21.2R3-S10,\n  *  all versions of 22.2,\n  *  from 21.4 before 21.4R3-S12,\n  *  from 22.4 before 22.4R3-S8,\n  *  from 23.2 before 23.2R2-S5, \n  *  from 23.4 before 23.4R2-S6, \n  *  from 24.2 before 24.2R2-S2, \n  *  from 24.4 before 24.4R2, \n  *  from 25.2 before 25.2R1-S1, 25.2R2; \n\n\n\nJunos OS Evolved: \n  *  all versions before 22.4R3-S8-EVO, \n  *  from 23.2 before 23.2R2-S5-EVO, \n  *  from 23.4 before 23.4R2-S6-EVO, \n  *  from 24.2 before 24.2R2-S2-EVO, \n  *  from 24.4 before 24.4R2-EVO, \n  *  from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:14:43.508Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103150"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103150",
        "defect": [
          "1877468"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003eroot@junos\u0026gt; file change-permission filename /mfs/var/run/jdhcpd_mgmt permission\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4700\u003c/span\u003e\n\n\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eNote: This change will not be persistent across reboots."
            }
          ],
          "value": "Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:\n\nroot@junos\u003e file change-permission filename /mfs/var/run/jdhcpd_mgmt permission\u00a04700\n\n\n\nNote: This change will not be persistent across reboots."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-59961",
    "datePublished": "2026-01-15T20:14:43.508Z",
    "dateReserved": "2025-09-23T18:19:06.955Z",
    "dateUpdated": "2026-01-15T21:08:37.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-60003 (GCVE-0-2025-60003)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:15 – Updated: 2026-01-15 21:09

Title

Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash

Summary

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer. This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring: [ protocols bgp ... disable-4byte-as ] Established BGP sessions can be checked by executing: show bgp neighbor <IP address> | match "4 byte AS" This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-126 - Buffer Over-read

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103166	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver)
Juniper Networks	Junos OS Evolved	Affected: 0 , < 22.4R3-S8-EVO (semver) Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver)

Date Public

2026-01-14 17:00

Credits

Juniper SIRT would like to acknowledge and thank Craig Dods from Meta’s Infrastructure Security Engineering team for responsibly reporting this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-60003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:09:12.069529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:09:19.309Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue at least two BGP peers needs to be configured via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "To be exposed to this issue at least two BGP peers needs to be configured via:\n\n[ protocols bgp ... neighbor ... ]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\u003cbr\u003eThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ...\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisable-4byte-as\u0026nbsp;\u003c/span\u003e]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eEstablished BGP sessions can be checked by executing:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eshow bgp neighbor \u0026lt;IP address\u0026gt; | match \"4 byte AS\"\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\nThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\n\n[ protocols bgp ...\u00a0disable-4byte-as\u00a0]\n\n\nEstablished BGP sessions can be checked by executing:\n\nshow bgp neighbor \u003cIP address\u003e | match \"4 byte AS\"\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2;\n\n\nJunos OS Evolved:\u00a0\n\n  *  all versions before 22.4R3-S8-EVO,\n  *  23.2 versions before 23.2R2-S5-EVO,\n  *  23.4 versions before 23.4R2-S6-EVO,\n  *  24.2 versions before 24.2R2-S2-EVO,\n  *  24.4 versions before 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:15:04.828Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103166"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103166",
        "defect": [
          "1878812"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-60003",
    "datePublished": "2026-01-15T20:15:04.828Z",
    "dateReserved": "2025-09-23T18:19:06.960Z",
    "dateUpdated": "2026-01-15T21:09:19.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-60007 (GCVE-0-2025-60007)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:16 – Updated: 2026-03-16 18:18

Title

Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash

Summary

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from. This issue affects: Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103173	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-60007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:10:02.048889Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:10:13.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series",
            "EX Series",
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS on MX, SRX and EX Series,  except MX10000 Series and MX304:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\n\n\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\n\n\n\nThis issue affects:\n\nJunos OS on MX, SRX and EX Series,  except MX10000 Series and MX304:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T18:18:52.683Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103173"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103173",
        "defect": [
          "1854693"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: A specifically crafted \u0027show chassis\u0027 command causes chassisd to crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
            }
          ],
          "value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-60007",
    "datePublished": "2026-01-15T20:16:22.617Z",
    "dateReserved": "2025-09-23T18:19:06.961Z",
    "dateUpdated": "2026-03-16T18:18:52.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-60011 (GCVE-0-2025-60011)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:16 – Updated: 2026-01-15 21:10

Title

Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propagation to peers causing sessions to flap

Summary

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices. When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5 * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

Severity

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/	vendor-advisory
https://kb.juniper.net/JSA103161	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver)
Juniper Networks	Junos OS Evolved	Affected: 0 , < 22.4R3-S8-EVO (semver) Affected: 23.2 , < 23.2R2-S5-EVO (semver) Affected: 23.4 , < 23.4R2-S6-EVO (semver) Affected: 24.2 , < 24.2R2-S2-EVO (semver) Affected: 24.4 , < 24.4R2-EVO (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-60011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:10:41.872904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:10:58.766Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6-EVO",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S2-EVO",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue BGP needs to be configured for at least two peers via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "To be exposed to this issue BGP needs to be configured for at least two peers via:\n\n[ protocols bgp ... neighbor ... ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.\u003cbr\u003e\u003cbr\u003eWhen an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.\n\nWhen an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  all versions before 22.4R3-S8-EVO,\n  *  23.2 versions before 23.2R2-S5-EVO,\n  *  23.4 versions before 23.4R2-S6-EVO,\n  *  24.2 versions before 24.2R2-S2-EVO,\n  *  24.4 versions before 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:16:47.459Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA103161"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103161",
        "defect": [
          "1884492"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propagation to peers causing sessions to flap",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-60011",
    "datePublished": "2026-01-15T20:16:47.459Z",
    "dateReserved": "2025-09-23T18:19:06.961Z",
    "dateUpdated": "2026-01-15T21:10:58.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0203 (GCVE-0-2026-0203)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:17 – Updated: 2026-03-10 22:44

Title

Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart

Summary

An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks. This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue. This issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304. This issue affects Junos OS: * all versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S7, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/JSA104294	vendor-advisory
https://kb.juniper.net/JSA104294	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 21.2R3-S9 (semver) Affected: 21.4 , < 21.4R3-S10 (semver) Affected: 22.2 , < 22.2R3-S7 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S5 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:11:21.932357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:11:32.119Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S10",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S7",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S4",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S5",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S3",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S3",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R1-S2, 24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThis issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eThis issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).\n\n\n\nWhen an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.\n\nThis issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.\n\nThis issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  all versions before 21.2R3-S9,\u00a0\n  *  from 21.4 before 21.4R3-S10,\u00a0\n  *  from 22.2 before 22.2R3-S7,\u00a0\n  *  from 22.3 before 22.3R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S5,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S3,\u00a0\n  *  from 24.2 before 24.2R1-S2, 24.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T22:44:14.198Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA104294"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA104294"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S10, 21.2R3-S9, 21.4R3-S10, 22.2R3-S7, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S10, 21.2R3-S9, 21.4R3-S10, 22.2R3-S7, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA104294",
        "defect": [
          "1824879"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-14T17:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2026-03-10T16:00:00.000Z",
          "value": "Clarified that AFT line cards are unaffected by this issue"
        }
      ],
      "title": "Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-0203",
    "datePublished": "2026-01-15T20:17:24.552Z",
    "dateReserved": "2025-10-29T20:57:34.631Z",
    "dateUpdated": "2026-03-10T22:44:14.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21903 (GCVE-0-2026-21903)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:18 – Updated: 2026-01-15 21:12

Title

Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash

Summary

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS: * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

juniper

References

2 references

URL	Tags
https://supportportal.juniper.net/JSA106022	vendor-advisory
https://kb.juniper.net/JSA106022	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Juniper Networks	Junos OS	Affected: 0 , < 22.4R3-S7 (semver) Affected: 23.2 , < 23.2R2-S4 (semver) Affected: 23.4 , < 23.4R2 (semver)

Date Public

2026-01-14 17:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:12:00.833031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:12:08.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A device is only exposed to this issue if GRPC services are configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
            }
          ],
          "value": "A device is only exposed to this issue if GRPC services are configured:\n\n[ system services extension-service request-response grpc ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated\u003c/span\u003e\u0026nbsp;with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\u003cbr\u003eThe issue was not seen when YANG packages for the specific sensors were installed. \u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 version before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u00a0authenticated\u00a0with low privileges to cause a Denial-of-Service (DoS).\n\n\n\nSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\nThe issue was not seen when YANG packages for the specific sensors were installed. \n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S7,\n  *  23.2 version before 23.2R2-S4,\n  *  23.4 versions before 23.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:18:36.767Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA106022"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA106022"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA106022",
        "defect": [
          "1811989"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-21903",
    "datePublished": "2026-01-15T20:18:36.767Z",
    "dateReserved": "2026-01-05T17:32:48.709Z",
    "dateUpdated": "2026-01-15T21:12:08.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0117

CVE-2024-50302 (GCVE-0-2024-50302)

CVE-2025-52987 (GCVE-0-2025-52987)

CVE-2025-59959 (GCVE-0-2025-59959)

CVE-2025-59960 (GCVE-0-2025-59960)

CVE-2025-59961 (GCVE-0-2025-59961)

CVE-2025-60003 (GCVE-0-2025-60003)

CVE-2025-60007 (GCVE-0-2025-60007)

CVE-2025-60011 (GCVE-0-2025-60011)

CVE-2026-0203 (GCVE-0-2026-0203)

CVE-2026-21903 (GCVE-0-2026-21903)

Tags

Sightings

Nomenclature