CVE-2026-21908 - Vulnerability Details

Link	Providers
https://kb.juniper.net/JSA106007
https://supportportal.juniper.net/JSA106007

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects: Junos OS: * from 23.2R2-S1 before 23.2R2-S5, * from 23.4R2 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S1, * from 25.2 before 25.2R1-S2, 25.2R2; Junos OS Evolved: * from 23.2R2-S1 before 23.2R2-S5-EVO, * from 23.4R2 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S3-EVO, * from 24.4 before 24.4R2-S1-EVO, * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.
Title		Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process
Weaknesses		CWE-416
References		https://kb.juniper.net/JSA106007 https://supportportal.juniper.net/JSA106007
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21908", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2026-01-05T17:32:48.710Z", "datePublished": "2026-01-15T20:21:41.576Z", "dateUpdated": "2026-01-15T20:45:07.011Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "23.2R2-S5", "status": "affected", "version": "23.2R2-S1", "versionType": "semver"}, {"lessThan": "23.4R2-S6", "status": "affected", "version": "23.4R2", "versionType": "semver"}, {"lessThan": "24.2R2-S3", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-S1", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S2, 25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "23.2R2-S5-EVO", "status": "affected", "version": "23.2R2-S1", "versionType": "semver"}, {"lessThan": "23.4R2-S6-EVO", "status": "affected", "version": "23.4R2", "versionType": "semver"}, {"lessThan": "24.2R2-S3-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-S1-EVO", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S2-EVO, 25.2R2-EVO", "status": "affected", "version": "25.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue requires support for 802.1X be enabled. For example: <tt>[protocols dot1x authenticator ...]</tt>"}], "value": "This issue requires support for 802.1X be enabled. For example:\n\n[protocols dot1x authenticator ...]"}], "datePublic": "2026-01-14T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects:Junos OS: <ul><li>from 23.2R2-S1 before 23.2R2-S5, </li><li>from 23.4R2 before 23.4R2-S6, </li><li>from 24.2 before 24.2R2-S3, </li><li>from 24.4 before 24.4R2-S1, </li><li>from 25.2 before 25.2R1-S2, 25.2R2; </li></ul>Junos OS Evolved: <ul><li>from 23.2R2-S1 before 23.2R2-S5-EVO, </li><li>from 23.4R2 before 23.4R2-S6-EVO, </li><li>from 24.2 before 24.2R2-S3-EVO, </li><li>from 24.4 before 24.4R2-S1-EVO, </li><li>from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.</li></ul>"}], "value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.\n\nThe issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path.\n\nThis issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5,\u00a0\n * from 23.4R2 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S2, 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5-EVO,\u00a0\n * from 23.4R2 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S3-EVO,\u00a0\n * from 24.4 before 24.4R2-S1-EVO,\u00a0\n * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 7.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:21:41.576Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA106007"}, {"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA106007"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases. Junos OS Evolved: 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,"}], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved:\u00a023.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,"}], "source": {"advisory": "JSA106007", "defect": ["1896371"], "discovery": "INTERNAL"}, "title": "Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-15T20:44:55.346913Z", "id": "CVE-2026-21908", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:45:07.011Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-15T20:44:55.346913Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-15T20:45:01.036Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process", "source": {"defect": ["1896371"], "advisory": "JSA106007", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "23.2R2-S1", "lessThan": "23.2R2-S5", "versionType": "semver"}, {"status": "affected", "version": "23.4R2", "lessThan": "23.4R2-S6", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S3", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2-S1", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S2, 25.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "23.2R2-S1", "lessThan": "23.2R2-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4R2", "lessThan": "23.4R2-S6-EVO", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S3-EVO", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2-S1-EVO", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S2-EVO, 25.2R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved:\u00a023.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases. Junos OS Evolved: 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,", "base64": false}]}], "datePublic": "2026-01-14T17:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA106007", "tags": ["vendor-advisory"]}, {"url": "https://kb.juniper.net/JSA106007", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.\n\nThe issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path.\n\nThis issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5,\u00a0\n * from 23.4R2 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S2, 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5-EVO,\u00a0\n * from 23.4R2 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S3-EVO,\u00a0\n * from 24.4 before 24.4R2-S1-EVO,\u00a0\n * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects:Junos OS: <ul><li>from 23.2R2-S1 before 23.2R2-S5, </li><li>from 23.4R2 before 23.4R2-S6, </li><li>from 24.2 before 24.2R2-S3, </li><li>from 24.4 before 24.4R2-S1, </li><li>from 25.2 before 25.2R1-S2, 25.2R2; </li></ul>Junos OS Evolved: <ul><li>from 23.2R2-S1 before 23.2R2-S5-EVO, </li><li>from 23.4R2 before 23.4R2-S6-EVO, </li><li>from 24.2 before 24.2R2-S3-EVO, </li><li>from 24.4 before 24.4R2-S1-EVO, </li><li>from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "configurations": [{"lang": "en", "value": "This issue requires support for 802.1X be enabled. For example:\n\n[protocols dot1x authenticator ...]", "supportingMedia": [{"type": "text/html", "value": "This issue requires support for 802.1X be enabled. For example: <tt>[protocols dot1x authenticator ...]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:21:41.576Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21908", "state": "PUBLISHED", "dateUpdated": "2026-01-15T20:45:07.011Z", "dateReserved": "2026-01-05T17:32:48.710Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-01-15T20:21:41.576Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.\n\nThe issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path.\n\nThis issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5,\u00a0\n * from 23.4R2 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S2, 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5-EVO,\u00a0\n * from 23.4R2 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S3-EVO,\u00a0\n * from 24.4 before 24.4R2-S1-EVO,\u00a0\n * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO."}], "id": "CVE-2026-21908", "lastModified": "2026-01-15T21:16:06.537", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-01-15T21:16:06.537", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA106007"}, {"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA106007"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "sirt@juniper.net", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object