CVE-2025-52947
📋 TL;DR
An improper handling of exceptional conditions vulnerability in Juniper Junos OS on specific ACX Series platforms allows attackers to crash the Forwarding Engine Board (FEB) by flapping an interface configured with L2 circuit hot-standby mode, causing a denial of service. This affects ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices running Junos OS versions before 21.2R3-S9.
💻 Affected Systems
- ACX1000
- ACX1100
- ACX2000
- ACX2100
- ACX2200
- ACX4000
- ACX5048
- ACX5096
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete network outage on affected devices requiring manual reboot, disrupting all traffic forwarding capabilities.
Likely Case
Service disruption on affected interfaces and connected networks until FEB restart.
If Mitigated
Limited impact if hot-standby mode is not configured or devices are not internet-facing.
🎯 Exploit Status
Requires ability to flap interfaces and specific L2 circuit hot-standby configuration. Attackers would need network access to trigger interface state changes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 21.2R3-S9 or later
Vendor Advisory: https://supportportal.juniper.net/JSA100051
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download Junos OS 21.2R3-S9 or later from the Juniper support portal.
3. Install the update using the 'request system software add' command.
4. Reboot the device after installation completes.
🔧 Temporary Workarounds
Disable L2 Circuit Hot-Standby
Remove or disable hot-standby configuration for L2 circuits to prevent the crash condition.
delete protocols l2circuit neighbor <neighbor-ip> interface <interface> hot-standby
Interface Stabilization
Implement interface debouncing and monitoring to prevent rapid interface state changes.
set interfaces <interface> hold-time up 3000 down 3000
🧯 If You Can't Patch
- Disable hot-standby mode on all L2 circuit configurations
- Implement network segmentation to limit access to vulnerable devices and monitor for interface flapping
🔍 How to Verify
Check if Vulnerable:
Check Junos version with 'show version' and verify if L2 circuit hot-standby is configured with 'show configuration protocols l2circuit'.
Check Version:
show version | match Junos
Verify Fix Applied:
Verify Junos version is 21.2R3-S9 or later with 'show version' and test interface flapping with hot-standby configured.
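The two checks above (release older than 21.2R3-S9, and hot-standby present on an L2 circuit) combined into one offline assessment, as an added example that is not code from the advisory or from Juniper. It assumes the configuration was collected with `| display set` and that release strings look like `21.2R3-S9`; the function names and sample outputs are constructed for illustration.

```python
import re

FIXED = (21, 2, 3, 9)  # 21.2R3-S9, the fixed release named on this page
AFFECTED = {"acx1000", "acx1100", "acx2000", "acx2100",
            "acx2200", "acx4000", "acx5048", "acx5096"}
VERSION = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")
MODEL = re.compile(r"^Model:\s*(\S+)", re.MULTILINE | re.IGNORECASE)
# Matches a 'display set' line whose final token is exactly hot-standby.
HOT_STANDBY = re.compile(
    r"^set protocols l2circuit neighbor (\S+) interface (\S+)[ \t]"
    r"(?:.*[ \t])?hot-standby[ \t]*$", re.MULTILINE)

def parse_junos_version(text):
    """Return (major, minor, R, S) for the first release string, else None."""
    m = VERSION.search(text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def hot_standby_circuits(set_config):
    """Return (neighbor, interface) pairs that have hot-standby set."""
    return HOT_STANDBY.findall(set_config)

def assess(show_version, set_config):
    """Classify one device from its 'show version' and 'display set' text."""
    m = MODEL.search(show_version)
    if not m or m.group(1).lower() not in AFFECTED:
        return "platform-not-listed"
    version = parse_junos_version(show_version)
    if version is None:
        return "version-unparsed"          # needs manual review
    if version >= FIXED:                   # assumption: plain tuple ordering
        return "fixed-release"
    if hot_standby_circuits(set_config):
        return "exposed"
    return "vulnerable-release-no-hot-standby"

# Constructed sample outputs (not captured from a real device).
SAMPLE_VERSION = "Hostname: acx-lab-1\nModel: acx2100\nJunos: 21.2R3-S4.8\n"
SAMPLE_CONFIG = (
    "set protocols l2circuit neighbor 192.0.2.2 interface ge-0/0/1.0 "
    "virtual-circuit-id 100\n"
    "set protocols l2circuit neighbor 192.0.2.2 interface ge-0/0/1.0 "
    "hot-standby\n")

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONFIG))
```

A device reported as `vulnerable-release-no-hot-standby` still needs the upgrade; it is only lower priority than one reported as `exposed`.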
📡 Detection & Monitoring
Log Indicators:
- FEB crash messages in system logs
- Rapid logging of interface state changes
- L2 circuit failure events
Network Indicators:
- Sudden loss of connectivity on affected interfaces
- Increased interface state change events
SIEM Query:
source="juniper-firewall" AND ("FEB crash" OR "interface flap" OR "l2circuit down")
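The "increased interface state change events" indicator turned into a sliding-window flap detector over syslog, as an added example rather than tooling from the advisory. It assumes link transitions are logged with `SNMP_TRAP_LINK_UP` / `SNMP_TRAP_LINK_DOWN` tags and an `ifName` field; the threshold, window, function name and sample lines are constructed, so adjust the pattern to your own log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINK_EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*"
    r"SNMP_TRAP_LINK_(?P<state>UP|DOWN):.*ifName (?P<ifname>\S+)")

def find_flapping(lines, threshold=4, window=timedelta(seconds=60), year=2025):
    """Return {ifName: peak transition count inside any `window`} for every
    interface that reaches `threshold` link transitions within the window."""
    recent = defaultdict(deque)   # ifName -> timestamps still inside window
    peak = {}
    for line in lines:
        m = LINK_EVENT.match(line)
        if not m:
            continue              # not a link up/down message
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ifname"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop transitions older than the window
        if len(q) >= threshold:
            peak[m["ifname"]] = max(peak.get(m["ifname"], 0), len(q))
    return peak

# Constructed sample log: six transitions on ge-0/0/1 in 15 seconds,
# one on ge-0/0/2, and one unrelated message.
_FMT = ("Jul 10 12:00:{sec:02d} acx-lab-1 mib2d[1423]: SNMP_TRAP_LINK_{st}: "
        "ifIndex 530, ifAdminStatus up(1), ifOperStatus {op}, ifName {ifn}")
SAMPLE_LOG = [_FMT.format(sec=1 + 3 * i, st=("DOWN", "UP")[i % 2],
                          op=("down(2)", "up(1)")[i % 2], ifn="ge-0/0/1")
              for i in range(6)]
SAMPLE_LOG.append(_FMT.format(sec=30, st="DOWN", op="down(2)", ifn="ge-0/0/2"))
SAMPLE_LOG.append("Jul 10 12:00:31 acx-lab-1 sshd[2001]: Accepted publickey")

if __name__ == "__main__":
    for ifname, count in find_flapping(SAMPLE_LOG).items():
        print(f"{ifname}: {count} link transitions within 60s")
```

Interfaces flagged here are worth cross-checking against the L2 circuits that have hot-standby configured, since those are the ones where flapping leads to the FEB crash described above.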