{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21913", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-01-05T17:32:48.710Z", "datePublished": "2026-01-15T20:25:03.276Z", "dateUpdated": "2026-01-15T20:45:02.652Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["EX4000-48T", "EX4000-48P", "EX4000-48MP"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S2, 25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}, {"lessThan": "24.4R1", "status": "unaffected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-01-14T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.</span></span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:</span></p><tt>&nbsp; reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump</tt><p> \n\n<br></p><p>This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:</p><p></p><ul><li>24.4 versions before 24.4R2,</li><li>25.2 versions before 25.2R1-S2, 25.2R2.</li></ul><p></p>This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."}], "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\n\n\n\n\nThe following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:\n\n\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \n\n\n\n\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\n\n\n\n * 24.4 versions before 24.4R2,\n * 25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1419", "description": "CWE-1419 Incorrect Initialization of Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:25:03.276Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA106014"}, {"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA106014"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."}], "source": {"advisory": "JSA106014", "defect": ["1898489"], "discovery": "USER"}, "title": "Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T20:44:57.151563Z", "id": "CVE-2026-21913", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:45:02.652Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-15T20:44:57.151563Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:44:59.188Z"}}], "cna": {"title": "Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart", "source": {"defect": ["1898489"], "advisory": "JSA106014", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "24.4", "lessThan": "24.4R2", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S2, 25.2R2", "versionType": "semver"}, {"status": "unaffected", "version": "0", "lessThan": "24.4R1", "versionType": "semver"}], "platforms": ["EX4000-48T", "EX4000-48P", "EX4000-48MP"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.", "base64": false}]}], "datePublic": "2026-01-14T17:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA106014", "tags": ["vendor-advisory"]}, {"url": "https://kb.juniper.net/JSA106014", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\n\n\n\n\nThe following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:\n\n\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \n\n\n\n\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\n\n\n\n * 24.4 versions before 24.4R2,\n * 25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.", "supportingMedia": [{"type": "text/html", "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.</span></span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:</span></p><tt>&nbsp; reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump</tt><p> \n\n<br></p><p>This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:</p><p></p><ul><li>24.4 versions before 24.4R2,</li><li>25.2 versions before 25.2R1-S2, 25.2R2.</li></ul><p></p>This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1419", "description": "CWE-1419 Incorrect Initialization of Resource"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:25:03.276Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21913", "state": "PUBLISHED", "dateUpdated": "2026-01-15T20:45:02.652Z", "dateReserved": "2026-01-05T17:32:48.710Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-01-15T20:25:03.276Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*", "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*", "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*", "matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*", "matchCriteriaId": "1B7572BB-9C77-4214-9C5F-CC83C7B93E37", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*", "matchCriteriaId": "CAADBF98-38BE-40E2-AF1B-9077DCED0809", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "558F0A4C-0C72-4BF1-B2DE-C0D3BFD54BCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*", "matchCriteriaId": "6C7B9DEB-7472-4010-8717-8050555C2FAD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex4000-48mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "62095696-9ECD-4348-9CEF-B2964ADECDC0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4000-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D907C1B-4C3D-4280-B5D9-FA0557B5A72F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4000-48t:-:*:*:*:*:*:*:*", "matchCriteriaId": "4009C8F8-19AE-4DAF-8CF7-0DC5EA76A852", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\n\n\n\n\nThe following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:\n\n\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \n\n\n\n\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\n\n\n\n * 24.4 versions before 24.4R2,\n * 25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."}], "id": "CVE-2026-21913", "lastModified": "2026-01-23T19:40:56.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-01-15T21:16:07.537", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA106014"}, {"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA106014"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2026-01-16T13:42:51.965687+00:00", "updated": "2026-01-16T13:42:51.965794+00:00", "vendors": ["juniper_networks", "juniper_networks$PRODUCT$junos_os"]}