CVE-2026-21913
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junoss | to 24.4R2 (exc) |
| juniper | junoss | to 25.2R1-S2 (exc) |
| juniper | junoss | 25.2R2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Initialization of Resource issue in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models. It allows an unauthenticated, network-based attacker to send a high volume of traffic to the device, causing the FXPC component to crash and restart. This results in a Denial-of-Service (DoS) condition, leading to a complete service outage until the device automatically restarts.
How can this vulnerability impact me?
The impact of this vulnerability is a Denial-of-Service (DoS) on affected Juniper EX4000 devices. An attacker can cause the device to crash and restart by sending a high volume of traffic, resulting in a complete service outage during the restart period. This can disrupt network availability and services relying on the affected device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for device reboots with the specific reboot reason 'reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump'. You can use the command 'show chassis routing-engine' on affected Juniper EX4000 devices to check for this reboot reason in the output and logs.
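The check described above can be run across output collected from several switches. The Python below is an added example, not code from the original page or from Juniper; the hostnames, the sample captures and the exact layout of the `Last reboot reason` line are assumptions, and only the reason code and string come from the page.

```python
import re

# Reboot reason quoted on this page for CVE-2026-21913.
REASON_CODE = "0x4000002"
REASON_TEXT = "watchdog + panic with core dump"

# Accepts the key=value form quoted on the page and a "Last reboot reason"
# line; the exact CLI layout is an assumption, adjust to your captures.
_REASON_RE = re.compile(
    r"(?:reason_string=|Last reboot reason\s+)(0x[0-9a-f]+)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def find_reboot_reasons(text):
    """Return (code, description) for every coded reboot reason in text."""
    return [(m.group(1).lower(), m.group(2)) for m in _REASON_RE.finditer(text)]

def matches_signature(text):
    """True if any reboot reason equals the code and string from the page."""
    return any(
        code == REASON_CODE and desc.lower() == REASON_TEXT
        for code, desc in find_reboot_reasons(text)
    )

def triage(captures):
    """captures maps hostname -> saved output; returns hosts to investigate."""
    return sorted(h for h, out in captures.items() if matches_signature(out))

# Constructed sample captures (hostnames and layout are made up).
SAMPLE = {
    "ex4000-a": "Routing Engine status:\n"
                "    Last reboot reason   0x4000002:watchdog + panic with core dump\n",
    "ex4000-b": "Routing Engine status:\n"
                "    Last reboot reason   0x1:power cycle/failure\n",
    "ex4000-c": "reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump\n",
    "ex4000-d": "    Last reboot reason   Router rebooted after a normal shutdown.\n",
}

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(f"{host}: reboot reason matches the CVE-2026-21913 indicator")
```

A match marks a device for follow-up (core dump review, Junos OS version check) rather than confirming the cause of the reboot.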
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Junos OS on affected EX4000-48T, EX4000-48P, and EX4000-48MP devices to versions 24.4R2 or later, or 25.2R1-S2 or later, as these versions contain fixes for the vulnerability. Until the upgrade can be performed, limiting high volumes of traffic destined to the device may reduce the risk of triggering the Denial-of-Service condition.