CVE-2026-0203
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-03-10

Assigner: Juniper Networks, Inc.

Description
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS). When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks. This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue. This issue does not affect AFT-based line cards such as the MPC10, MPC11, LC4800, LC9600, and MX304. This issue affects Junos OS:Β  * all versions before 21.2R3-S9,Β  * from 21.4 before 21.4R3-S10,Β  * from 22.2 before 22.2R3-S7,Β  * from 22.3 before 22.3R3-S4,Β  * from 22.4 before 22.4R3-S5,Β  * from 23.2 before 23.2R2-S3,Β  * from 23.4 before 23.4R2-S3,Β  * from 24.2 before 24.2R1-S2, 24.2R2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-03-10
Generated
2026-05-07
AI Q&A
2026-01-16
EPSS Evaluated
2026-05-05
NVD
CVE-2026-0203
EUVD
EUVD-2026-2681
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
juniper junoss to 21.2r3-s9 (exc)
juniper junoss From 21.4 (inc) to 21.4r3-s10 (exc)
juniper junoss From 22.2 (inc) to 22.2r3-s7 (exc)
juniper junoss From 22.3 (inc) to 22.3r3-s4 (exc)
juniper junoss From 22.4 (inc) to 22.4r3-s5 (exc)
juniper junoss From 23.2 (inc) to 23.2r2-s3 (exc)
juniper junoss From 23.4 (inc) to 23.4r2-s3 (exc)
juniper junoss From 24.2 (inc) to 24.2r1-s2 (exc)
juniper junoss 24.2r2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Improper Handling of Exceptional Conditions in Juniper Networks Junos OS packet processing. Specifically, when an ICMPv4 packet with a malformed IP header is received, it causes the Flexible PIC Concentrator (FPC) to crash and restart. This crash results in a Denial of Service (DoS) condition. The vulnerability can be exploited by an unauthenticated, network-adjacent attacker sending a specially crafted ICMP packet. The attack surface is limited to adjacent networks because upstream routers do not forward these malformed packets.


How can this vulnerability impact me? :

The impact of this vulnerability is a Denial of Service (DoS) on the affected Junos OS device. When exploited, the FPC crashes and restarts, potentially disrupting network operations and causing downtime. Since the attacker can be unauthenticated and only needs network adjacency, this could lead to service interruptions in network environments using vulnerable versions of Junos OS.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade your Junos OS to a fixed version that addresses the issue. The affected versions are all versions before 21.2R3-S9, from 21.4 before 21.4R3-S10, from 22.2 before 22.2R3-S7, from 22.3 before 22.3R3-S4, from 22.4 before 22.4R3-S5, from 23.2 before 23.2R2-S3, from 23.4 before 23.4R2-S3, and from 24.2 before 24.2R1-S2, 24.2R2. Upgrading to versions at or beyond these fixed releases will prevent the FPC crash caused by malformed ICMPv4 packets. Additionally, since the attack surface is limited to adjacent networks, consider implementing network controls to restrict ICMPv4 traffic from untrusted adjacent sources if possible.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart