CRITICAL🇵🇱 Wersja polska

CVE-2026-21902

CVSS 9.3v4.0pub. 2026-02-25upd. 2026-03-30

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Red
  • Juniper Junos Os Evolved

    OS
    Juniper
    25.4
  • Juniper Ptx10001 36mr

    HW
    Juniper
    wszystkie wersje
  • Juniper Ptx10002 36qdd

    HW
    Juniper
    wszystkie wersje
  • Juniper Ptx10003

    HW
    Juniper
    wszystkie wersje
  • Juniper Ptx10004

    HW
    Juniper
    wszystkie wersje
  • Juniper Ptx10008

    HW
    Juniper
    wszystkie wersje
  • Juniper Ptx10016

    HW
    Juniper
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-0211CRITICAL10.0ten sam produkt

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...

CVE-2025-59969HIGH7.1ten sam produkt

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forward...

CVE-2026-33780HIGH7.1ten sam produkt

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2a...

CVE-2026-21919HIGH7.1ten sam produkt

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Jun...

CVE-2026-33783HIGH7.1ten sam produkt

A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos O...