Juniper Junos OS Multiple Vulnerabilities
Release Date: 16 Jan 2026
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Juniper Junos OS. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition, sensitive information disclosure, elevation of privilege and security restriction bypass on the targeted system.
Impact
- Denial of Service
- Information Disclosure
- Security Restriction Bypass
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Junos OS
- Junos OS Evolved
Please refer to the link below for detail:
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Please refer to 2026-01 Security Bulletin.
Vulnerability Identifier
- CVE-2024-50302
- CVE-2025-52987
- CVE-2025-59959
- CVE-2025-59960
- CVE-2025-59961
- CVE-2025-60003
- CVE-2025-60007
- CVE-2025-60011
- CVE-2026-0203
- CVE-2026-21903
- CVE-2026-21905
- CVE-2026-21906
- CVE-2026-21907
- CVE-2026-21908
- CVE-2026-21909
- CVE-2026-21910
- CVE-2026-21911
- CVE-2026-21912
- CVE-2026-21913
- CVE-2026-21914
- CVE-2026-21917
- CVE-2026-21918
- CVE-2026-21920
- CVE-2026-21921
Source
Related Link
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-DHCP-Option-82-messages-from-clients-being-passed-unmodified-to-the-DHCP-server-CVE-2025-59960
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Paragon-Automation-A-clickjacking-vulnerability-in-the-web-server-configuration-has-been-addressed-CVE-2025-52987
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Executing-a-specific-show-command-leads-to-an-rpd-crash-CVE-2025-59959
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908
- https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906
沒有留言:
發佈留言