CVE-2026-21913
📋 TL;DR
An unauthenticated attacker can cause a complete denial-of-service on vulnerable Juniper EX4000 switches by sending high volumes of traffic to the device. This triggers a crash and automatic restart of the FXPC component, causing service outage during the reboot. Only EX4000-48T, EX4000-48P, and EX4000-48MP models running specific Junos OS versions are affected.
💻 Affected Systems
- Juniper EX4000-48T
- Juniper EX4000-48P
- Juniper EX4000-48MP
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete network outage on affected switches during automatic restart, potentially disrupting critical network services until device reboots.
Likely Case
Service disruption during device restart when targeted with high traffic volumes, affecting network availability.
If Mitigated
Limited impact if traffic filtering prevents high-volume traffic from reaching management interfaces.
🎯 Exploit Status
Attack requires sending high volume of traffic to the device, which is relatively simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS 24.4R2, 25.2R1-S2, or 25.2R2
Vendor Advisory: https://kb.juniper.net/JSA106014
Restart Required: Yes
Instructions:
1. Download appropriate Junos OS version from Juniper support portal.
2. Transfer image to switch.
3. Install using 'request system software add' command.
4. Reboot device to complete installation.
🔧 Temporary Workarounds
Traffic Rate Limiting
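Implement rate limiting on traffic destined to the switch to prevent high-volume attacks. The commands below define the policer and the filter only; the filter has no effect until it is applied as an input filter on an interface.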
set firewall family inet filter PROTECT-SWITCH term BLOCK-HIGH-VOLUME then policer 1m
set firewall policer 1m if-exceeding bandwidth-limit 1m
set firewall policer 1m if-exceeding burst-size-limit 100k
set firewall policer 1m then discard
Management Interface Protection
Restrict access to management interfaces using ACLs
set firewall family inet filter MGMT-ACL term ALLOW-TRUSTED from source-address 10.0.0.0/8
set firewall family inet filter MGMT-ACL term ALLOW-TRUSTED then accept
set firewall family inet filter MGMT-ACL term DENY-ALL then discard
set interfaces me0 unit 0 family inet filter input MGMT-ACL
🧯 If You Can't Patch
- Implement strict network segmentation to isolate EX4000 switches from untrusted networks
- Deploy network monitoring to detect unusual traffic patterns targeting switch management interfaces
🔍 How to Verify
Check if Vulnerable:
Check device model and Junos OS version: 'show version' and 'show chassis hardware'
Check Version:
show version | match Junos
Verify Fix Applied:
Verify Junos OS version is 24.4R2 or later, or 25.2R1-S2/25.2R2 or later
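The version check above can be scripted across an inventory. The following is an added example, not Juniper's or this page's own tooling: it parses 'show version' output and compares the release against the fixed versions listed on this page. The function names and the sample output are constructed, and any release train other than 24.4 or 25.2 is reported as 'check-advisory' because this page does not say how it is affected.

```python
import re

# Models and fixed releases are taken from this page. Function names and the
# sample "show version" text are constructed for this example.
AFFECTED_MODELS = {"EX4000-48T", "EX4000-48P", "EX4000-48MP"}
# Release train -> first fixed (R, S): 24.4R2 and 25.2R1-S2 (25.2R2 sorts after it).
FIRST_FIXED = {(24, 4): (2, 0), (25, 2): (1, 2)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

SAMPLE_SHOW_VERSION = """\
Hostname: access-sw-01
Model: ex4000-48p
Junos: 24.4R1-S2.3
"""


def parse_show_version(text):
    """Return (model, version) from 'show version' output; None where a field is absent."""
    model = re.search(r"^Model:\s*(\S+)", text, re.M | re.I)
    junos = re.search(r"^Junos:\s*(\S+)", text, re.M)
    return (model.group(1).upper() if model else None,
            junos.group(1) if junos else None)


def triage(model, version):
    """Return 'not-affected-model', 'fixed', 'needs-upgrade' or 'check-advisory'."""
    if model not in AFFECTED_MODELS:
        return "not-affected-model"
    m = VERSION_RE.match(version or "")
    if not m:
        return "check-advisory"      # unparseable version string: do not guess
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        return "check-advisory"      # release train not listed on this page
    return "fixed" if (rel, svc) >= fixed else "needs-upgrade"


if __name__ == "__main__":
    print(triage(*parse_show_version(SAMPLE_SHOW_VERSION)))
```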
📡 Detection & Monitoring
Log Indicators:
- reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump
- FXPC crash messages
- Unexpected device reboots
Network Indicators:
- Unusually high traffic volumes to switch management interfaces
- Sudden loss of connectivity to switch
SIEM Query:
device_model:EX4000 AND (log_message:"watchdog + panic" OR log_message:"FXPC crash" OR reboot_reason:0x4000002)
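Where no SIEM is available, the same indicators can be matched directly against collected syslog. This is an added example, not part of the original page or of any Juniper tool: it matches the log indicators listed above and flags switches that log the watchdog restart reason more than once in a short window. The syslog layout, hostnames, sample lines and the 30-minute, two-restart threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicator strings come from this page; log layout and hosts are constructed.
INDICATORS = [
    ("watchdog-panic", re.compile(r"reason_string=0x4000002:watchdog \+ panic")),
    ("fxpc-crash", re.compile(r"fxpc.*(crash|core dump)", re.I)),
]
LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")   # "<ISO timestamp> <host> <message>"

SAMPLE_LOG = """\
2026-01-20T10:01:12 ex4000-a reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump
2026-01-20T10:01:13 ex4000-a FXPC crash, process restarting
2026-01-20T10:09:40 ex4000-a reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump
2026-01-20T10:15:02 ex4000-b sshd: session opened for user admin
2026-01-20T14:30:00 ex4000-b reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump
"""


def find_events(log_text):
    """Yield (timestamp, host, indicator name) for each line matching an indicator."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.groups()
        for name, pattern in INDICATORS:
            if pattern.search(msg):
                yield datetime.fromisoformat(ts), host, name
                break


def repeated_restarts(log_text, window=timedelta(minutes=30), threshold=2):
    """Map host -> time of first restart for hosts with >= threshold restarts in window."""
    by_host = defaultdict(list)
    for ts, host, name in find_events(log_text):
        if name == "watchdog-panic":
            by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[host] = stamps[i]
                break
    return flagged
```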