CVE-2026-21912

MEDIUM EPSS 1.2%
Published Jan 15, 20265mo ago · Modified Jun 17, 20262w ago
6.8 CVSS 4.0
Medium
Find Similar
Published Jan 15, 2026 5mo ago
Last Modified Jun 17, 2026 2w ago

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset. On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:  * all versions before 21.2R3-S10,  * from 21.4 before 21.4R3-S9,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.

CVSS Details

Base Score
6.8
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:Amber
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
1.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-367

Affected Products 82

VendorProductVersionRange
juniperjunos* <21.2
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.2any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos21.4any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.2any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos22.4any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.2any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos23.4any
juniperjunos24.2any
juniperjunos24.2any
juniperjunos24.2any
juniperjunos24.2any
juniperlc2101*any
juniperlc480*any
junipermx10004*any
junipermx10008*any

References 2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.