CVE-2026-21906
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junoss | to 21.4r3-s12 (exc) |
| juniper | junoss | From 22.4 (inc) to 22.4r3-s8 (exc) |
| juniper | junoss | From 23.2 (inc) to 23.2r2-s5 (exc) |
| juniper | junoss | From 23.4 (inc) to 23.4r2-s5 (exc) |
| juniper | junoss | From 24.2 (inc) to 24.2r2-s3 (exc) |
| juniper | junoss | From 24.4 (inc) to 24.4r2-s1 (exc) |
| juniper | junoss | From 25.2 (inc) to 25.2r1-s1 (exc) |
| juniper | junoss | 25.2r2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Handling of Exceptional Conditions in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series devices. It allows an unauthenticated network-based attacker to send a specific ICMP packet through a GRE tunnel, which causes the PFE to crash and restart. This happens when PowerMode IPsec (PMI) and GRE performance acceleration are enabled. PMI is a mode that improves IPsec performance using Vector Packet Processing and is enabled by default. The crash results in traffic loss on affected devices.
How can this vulnerability impact me? :
The vulnerability can cause the packet forwarding engine (PFE) on affected Juniper SRX devices to crash and restart when a specific ICMP packet is sent through a GRE tunnel. This leads to traffic loss and potential network disruption. Since the attacker can be unauthenticated and network-based, it poses a risk of denial of service by causing repeated crashes, impacting network availability and reliability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the Packet Forwarding Engine (PFE) crashing and restarting when receiving a specific ICMP packet through a GRE tunnel with PowerMode IPsec (PMI) and GRE performance acceleration enabled. Detection can involve monitoring for unexpected PFE crashes or restarts on affected Juniper SRX devices. Since PMI is enabled by default and GRE performance acceleration can be enabled via configuration, checking the device configuration for GRE performance acceleration and monitoring system logs for PFE crashes are recommended. Specific Junos OS commands to check configuration include: 'show configuration security flow power-mode-ipsec' to verify PMI settings, and 'show system processes extensive' or 'show log messages' to detect PFE crashes or restarts. Additionally, monitoring ICMP traffic through GRE tunnels may help identify suspicious packets triggering the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Junos OS on affected SRX Series devices to a fixed version where the vulnerability is resolved. The affected versions are all before 21.4R3-S12, from 22.4 before 22.4R3-S8, from 23.2 before 23.2R2-S5, from 23.4 before 23.4R2-S5, from 24.2 before 24.2R2-S3, from 24.4 before 24.4R2-S1, and from 25.2 before 25.2R1-S1 or 25.2R2. If immediate upgrade is not possible, consider disabling GRE performance acceleration or restricting ICMP traffic through GRE tunnels to prevent the specific ICMP packet from reaching the device. Reviewing and adjusting the configuration to disable GRE performance acceleration (which is enabled via a specific command) can reduce exposure. Monitoring and filtering network traffic to block malformed or suspicious ICMP packets over GRE tunnels can also help mitigate risk until patches are applied. [1]