CVE-2026-21913

HIGH EPSS 29.3%
Published Jan 15, 20265mo ago · Modified Jun 17, 20261w ago
8.7 CVSS 4.0
High
Find Similar
Published Jan 15, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago

Description

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted. The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:   reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP: * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S2, 25.2R2. This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

CVSS Details

Base Score
8.7
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
29.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-665

Affected Products 11

VendorProductVersionRange
juniperjunos24.4any
juniperjunos24.4any
juniperjunos24.4any
juniperjunos24.4any
juniperjunos25.2any
juniperjunos25.2any
juniperjunos25.2any
juniperjunos25.2any
juniperex4000-48mp*any
juniperex4000-48p*any
juniperex4000-48t*any

References 2

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.