FKIE_CVE-2026-21920

Vulnerability from fkie_nvd - Published: 2026-01-15 21:16 - Updated: 2026-01-23 18:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.
References
sirt@juniper.nethttps://kb.juniper.net/JSA106020Vendor Advisory
sirt@juniper.nethttps://supportportal.juniper.net/JSA106020Vendor Advisory
Impacted products
Vendor Product Version
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 23.4
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.2
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper junos 24.4
juniper srx1500 -
juniper srx1600 -
juniper srx2300 -
juniper srx300 -
juniper srx320 -
juniper srx340 -
juniper srx345 -
juniper srx380 -
juniper srx4100 -
juniper srx4120 -
juniper srx4200 -
juniper srx4300 -
juniper srx4600 -
juniper srx4700 -
juniper srx5400 -
juniper srx5600 -
juniper srx5800 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "78481ABC-3620-410D-BC78-334657E0BB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "BE8A5BA3-87BD-473A-B229-2AAB2C797005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8B74AC3E-8FC9-400A-A176-4F7F21F10756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "CB2D1FCE-8019-4CE1-BA45-D62F91AF7B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "175CCB13-76C0-44A4-A71D-41E22B92EB23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "166BFDB3-1945-4949-BC2B-E18442FF2E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "5923610F-878C-48CA-8B5D-9C609E4DD4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A7C207E3-0252-4192-8E8C-E2ED2831B4F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "E6974492-FE69-4340-8881-61C3329C1545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "89524D6D-0B22-4952-AD8E-8072C5A05D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "AD69A194-1B03-44EA-8092-79BD10C6F729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8463ADB4-B8A7-4D63-97A9-232ED713A21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "FE68337F-106E-4317-A5B6-292B0159F577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "266B520A-482A-43F7-90F8-B9D64D30034F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "C452BDCB-34E3-42D3-8909-2312356EB70A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "2B8158F2-2028-40E9-955F-CFD581A32F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "1A7233A1-EC7A-4458-9AE1-835480A03A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "D74087E2-5CAA-4085-8408-EB70EC1D5D91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5942B6E-AFC7-40E4-8007-68C804BD52E3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\n\nIf an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n\n\n  *  23.4 versions before 23.4R2-S5,\n  *  24.2 versions before 24.2R2-S1,\n  *  24.4 versions before 24.4R2.\n\n\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1."
    }
  ],
  "id": "CVE-2026-21920",
  "lastModified": "2026-01-23T18:51:59.987",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-15T21:16:08.217",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA106020"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://supportportal.juniper.net/JSA106020"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-252"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.