CVE-2026-21914 (GCVE-0-2026-21914)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:25 – Updated: 2026-01-15 20:44
VLAI
Title
Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash
Summary
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects Junos OS on SRX Series: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R1-S1, 25.2R2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 22.4R3-S8 (semver)
Affected: 23.2 , < 23.2R2-S5 (semver)
Affected: 23.4 , < 23.4R2-S6 (semver)
Affected: 24.2 , < 24.2R2-S3 (semver)
Affected: 24.4 , < 24.4R2-S2 (semver)
Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver)
Create a notification for this product.
Date Public
2026-01-14 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T20:44:24.800966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T20:44:30.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S5",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S6",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-S3",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-S2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            },
            {
              "lessThan": "25.2R1-S1, 25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue the device needs to be configured with a GTP profile as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security policies ... policy \u0026lt;policy-name\u0026gt; then permit application-services gtp-profile \u0026lt;profile-name\u0026gt; ]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue the device needs to be configured with a GTP profile as follows:\n\n[ security policies ... policy \u003cpolicy-name\u003e then permit application-services gtp-profile \u003cprofile-name\u003e ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\u003cbr\u003e\u003cbr\u003eIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series:\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\n\nIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n  *  all versions before 22.4R3-S8,\n  *  23.2 versions before 23.2R2-S5,\n  *  23.4 versions before 23.4R2-S6,\n  *  24.2 versions before 24.2R2-S3,\n  *  24.4 versions before 24.4R2-S2,\n  *  25.2 versions before 25.2R1-S1, 25.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667 Improper Locking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:25:35.725Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA106015"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA106015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA106015",
        "defect": [
          "1882028"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-21914",
    "datePublished": "2026-01-15T20:25:35.725Z",
    "dateReserved": "2026-01-05T17:32:48.711Z",
    "dateUpdated": "2026-01-15T20:44:30.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-21914",
      "date": "2026-07-03",
      "epss": "0.00299",
      "percentile": "0.21606"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-21914\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2026-01-15T21:16:07.700\",\"lastModified\":\"2026-06-17T10:19:09.060\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\\n\\nIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\\n\\nThis issue affects Junos OS on SRX Series:\\n\\n  *  all versions before 22.4R3-S8,\\n  *  23.2 versions before 23.2R2-S5,\\n  *  23.4 versions before 23.4R2-S6,\\n  *  24.2 versions before 24.2R2-S3,\\n  *  24.4 versions before 24.4R2-S2,\\n  *  25.2 versions before 25.2R1-S1, 25.2R2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de bloqueo incorrecto en el plugin GTP de Juniper Networks Junos OS en la serie SRX permite a un atacante no autenticado y basado en red causar una denegaci\u00f3n de servicio (DoS).\\n\\nSi un dispositivo de la serie SRX recibe un mensaje de solicitud de modificaci\u00f3n de portador (Modify Bearer Request) del protocolo de tunelizaci\u00f3n GPRS (GTP) espec\u00edficamente malformado, se adquiere un bloqueo y nunca se libera. Esto resulta en que otros hilos no pueden adquirir un bloqueo por s\u00ed mismos, causando un tiempo de espera del watchdog que lleva a un fallo y reinicio del FPC. Este problema lleva a una interrupci\u00f3n completa del tr\u00e1fico hasta que el dispositivo se haya recuperado autom\u00e1ticamente.\\n\\nEste problema afecta a Junos OS en la serie SRX:\\n\\n  *  todas las versiones anteriores a 22.4R3-S8,\\n  *  versiones 23.2 anteriores a 23.2R2-S5,\\n  *  versiones 23.4 anteriores a 23.4R2-S6,\\n  *  versiones 24.2 anteriores a 24.2R2-S3,\\n  *  versiones 24.4 anteriores a 24.4R2-S2,\\n  *  versiones 25.2 anteriores a 25.2R1-S1, 25.2R2.\"}],\"affected\":[{\"source\":\"sirt@juniper.net\",\"affectedData\":[{\"vendor\":\"Juniper Networks\",\"product\":\"Junos OS\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"SRX Series\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"22.4R3-S8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"23.2\",\"lessThan\":\"23.2R2-S5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"23.4\",\"lessThan\":\"23.4R2-S6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"24.2\",\"lessThan\":\"24.2R2-S3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"24.4\",\"lessThan\":\"24.4R2-S2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"25.2\",\"lessThan\":\"25.2R1-S1, 25.2R2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-15T20:44:24.800966Z\",\"id\":\"CVE-2026-21914\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.4\",\"matchCriteriaId\":\"57F66641-003B-49D6-A9B9-AB300CFE3C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1379EF30-AF04-4F98-8328-52A631F24737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E42A41-7965-456B-B0AF-9D3229CE4D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB1A77D6-D3AD-481B-979C-8F778530B175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A064B6B-A99B-4D8D-A62D-B00C7870BC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"40813417-A938-4F74-A419-8C5188A35486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FC1BA1A-DF0E-4B15-86BA-24C60E546732\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBB967BF-3495-476D-839A-9DBFCBE69F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E5688D6-DCA4-4550-9CD1-A3D792252129\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8494546C-00EA-49B6-B6FA-FDE42CA5B1FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BB98579-FA33-4E41-A162-A46E9709FBD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E2562F-FB18-4347-8497-7D61B8157EBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"494D1D96-1DA2-4B0A-9536-1B5A4FDFCA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A1E37B-1990-44D9-87FE-300678243BE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D306ED88-8700-4FD4-8919-3C85728C04C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:22.4:r3-s7:*:*:*:*:*:*\",\"matchCriteriaId\":\"11340C63-A638-420C-85C9-1B4438C88D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A78CC80-E8B1-4CDA-BB35-A61833657FA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3B2FE1-C228-46BE-AC76-70C2687050AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1B16FF0-900F-4AEE-B670-A537139F6909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B227E831-30FF-4BE1-B8B2-31829A5610A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ADA814B-EF98-45B1-AF7A-0C89688F7CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6FB32DF-D062-4FB9-8777-452978BEC7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B6C811-5C10-4486-849D-5559B592350A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"078D61B9-A228-453C-9D20-6F9C6B20637F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F136A0-021D-43FE-BDD3-AD7201F7FC03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"78481ABC-3620-410D-BC78-334657E0BB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE8A5BA3-87BD-473A-B229-2AAB2C797005\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B74AC3E-8FC9-400A-A176-4F7F21F10756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"175CCB13-76C0-44A4-A71D-41E22B92EB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"166BFDB3-1945-4949-BC2B-E18442FF2E4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5923610F-878C-48CA-8B5D-9C609E4DD4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7C207E3-0252-4192-8E8C-E2ED2831B4F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6974492-FE69-4340-8881-61C3329C1545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:*\",\"matchCriteriaId\":\"279E59FE-96DF-4E1D-A3A2-61D180F04533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"89524D6D-0B22-4952-AD8E-8072C5A05D5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD69A194-1B03-44EA-8092-79BD10C6F729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8463ADB4-B8A7-4D63-97A9-232ED713A21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE68337F-106E-4317-A5B6-292B0159F577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"266B520A-482A-43F7-90F8-B9D64D30034F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC78BC9E-5DA7-4E42-9923-B49A0B7F3564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD99F1B0-82B0-4CD3-8C8F-C0FFF44A8B90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C452BDCB-34E3-42D3-8909-2312356EB70A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8158F2-2028-40E9-955F-CFD581A32F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A7233A1-EC7A-4458-9AE1-835480A03A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D74087E2-5CAA-4085-8408-EB70EC1D5D91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EEF1798-F3C2-4645-96E7-1E82368B184D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BB5EE1-04C7-4DF3-807A-06005ECFEEE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B7572BB-9C77-4214-9C5F-CC83C7B93E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAADBF98-38BE-40E2-AF1B-9077DCED0809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:25.2:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C7B9DEB-7472-4010-8717-8050555C2FAD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CEBF85C-736A-4E7D-956A-3E8210D4F70B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE06B18-BFB5-4029-A05D-386CFBFBF683\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A1DCCD-208C-46D9-8E14-89592B49AB9A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5AB24B-2B43-43DD-AE10-F758B4B19F2A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9DC32-5ADF-4430-B1A6-357D0B29DB78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B82D4C4-7A65-409A-926F-33C054DCBFBA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE535749-F4CE-4FFA-B23D-BF09C92481E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5942B6E-AFC7-40E4-8007-68C804BD52E3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC5F6F5-4347-49D3-909A-27A3A96D36C9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"826F893F-7B06-43B5-8653-A8D9794C052E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BA6B86-D3F4-4496-AE46-AC513C6560FA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"462CFD52-D3E2-4F7A-98AC-C589D2420556\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FDDC897-747F-44DD-9599-7266F9B5B7B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68CA098D-CBE4-4E62-9EC0-43E1B6098710\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F474D4-79B6-4525-983C-9A9011BD958B\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA106015\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://supportportal.juniper.net/JSA106015\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-15T20:44:24.800966Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-15T20:44:26.736Z\"}}], \"cna\": {\"title\": \"Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash\", \"source\": {\"defect\": [\"1882028\"], \"advisory\": \"JSA106015\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 8.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.4R3-S8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2-S3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4\", \"lessThan\": \"24.4R2-S2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"25.2\", \"lessThan\": \"25.2R1-S1, 25.2R2\", \"versionType\": \"semver\"}], \"platforms\": [\"SRX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2026-01-14T17:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA106015\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA106015\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\\n\\nIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\\n\\nThis issue affects Junos OS on SRX Series:\\n\\n  *  all versions before 22.4R3-S8,\\n  *  23.2 versions before 23.2R2-S5,\\n  *  23.4 versions before 23.4R2-S6,\\n  *  24.2 versions before 24.2R2-S3,\\n  *  24.4 versions before 24.4R2-S2,\\n  *  25.2 versions before 25.2R1-S1, 25.2R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\u003cbr\u003e\u003cbr\u003eIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series:\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-667\", \"description\": \"CWE-667 Improper Locking\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed to this issue the device needs to be configured with a GTP profile as follows:\\n\\n[ security policies ... policy \u003cpolicy-name\u003e then permit application-services gtp-profile \u003cprofile-name\u003e ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be exposed to this issue the device needs to be configured with a GTP profile as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security policies ... policy \u0026lt;policy-name\u0026gt; then permit application-services gtp-profile \u0026lt;profile-name\u0026gt; ]\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2026-01-15T20:25:35.725Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-21914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-15T20:44:30.550Z\", \"dateReserved\": \"2026-01-05T17:32:48.711Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2026-01-15T20:25:35.725Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…