FKIE_CVE-2026-21917

Vulnerability from fkie_nvd - Published: 2026-01-15 21:16 - Updated: 2026-01-23 19:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,  * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos are also affected, but no fix is available.
References
sirt@juniper.nethttps://kb.juniper.net/JSA105996Vendor Advisory
sirt@juniper.nethttps://supportportal.juniper.net/JSA105996Vendor Advisory
Impacted products
Vendor Product Version
juniper junos 23.2
juniper junos 23.2
juniper junos 23.2
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper srx1500 -
juniper srx1600 -
juniper srx2300 -
juniper srx300 -
juniper srx320 -
juniper srx340 -
juniper srx345 -
juniper srx380 -
juniper srx4100 -
juniper srx4120 -
juniper srx4200 -
juniper srx4300 -
juniper srx4600 -
juniper srx4700 -
juniper srx5400 -
juniper srx5600 -
juniper srx5800 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "B3B6C811-5C10-4486-849D-5559B592350A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "078D61B9-A228-453C-9D20-6F9C6B20637F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "F1F136A0-021D-43FE-BDD3-AD7201F7FC03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "166BFDB3-1945-4949-BC2B-E18442FF2E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "5923610F-878C-48CA-8B5D-9C609E4DD4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A7C207E3-0252-4192-8E8C-E2ED2831B4F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "E6974492-FE69-4340-8881-61C3329C1545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "89524D6D-0B22-4952-AD8E-8072C5A05D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "AD69A194-1B03-44EA-8092-79BD10C6F729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8463ADB4-B8A7-4D63-97A9-232ED713A21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "FE68337F-106E-4317-A5B6-292B0159F577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "266B520A-482A-43F7-90F8-B9D64D30034F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "AC78BC9E-5DA7-4E42-9923-B49A0B7F3564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0EEF1798-F3C2-4645-96E7-1E82368B184D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5942B6E-AFC7-40E4-8007-68C804BD52E3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u00a0\n  *  23.4 versions from 23.4R2-S1 before 23.4R2-S5,\n  *  24.2 versions before 24.2R2-S2,\n  *  24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nEarlier versions of Junos are also affected, but no fix is available."
    }
  ],
  "id": "CVE-2026-21917",
  "lastModified": "2026-01-23T19:41:44.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-15T21:16:07.877",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA105996"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA105996"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1286"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.