—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Juniper Networks Junos OS and Junos OS Evolved denial of service Vulnerability 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Junos OS: 

from 23.2R2-S1 before 23.2R2-S5, 

from 23.4R2 before 23.4R2-S6, 

from 24.2 before 24.2R2-S3, 

from 24.4 before 24.4R2-S1, 

from 25.2 before 25.2R1-S2, 25.2R2; 

Junos OS Evolved:

from 23.2R2-S1 before 23.2R2-S5-EVO, 

from 23.4R2 before 23.4R2-S6-EVO, 

from 24.2 before 24.2R2-S3-EVO, 

from 24.4 before 24.4R2-S1-EVO, 

from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.

Overview

A use-after-free vulnerability has been reported in Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-adjacent attacker to crash the 802.1X dot1xd process or potentially execute arbitrary code as root, resulting in a Denial of Service.

Target Audience:

Network administrators, security engineers, SOC analysts, and IT operations teams responsible for managing and securing Juniper Networks Junos OS and Junos OS Evolved devices.

Risk Assessment:

High risks of service interruption and unauthorized access.

Impact Assessment:

Potential impact on confidentiality, integrity and availability of the system.

Description

This vulnerability exists in Juniper Networks Junos OS and Junos OS Evolved due to an use-after-free was identified in the 802.1X authentication daemon (dot1xd). An authenticated, network-adjacent attacker can exploit this vulnerability to execute arbitrary code within the context of the process which runs with root privileges.

Successful exploitation of this vulnerability could allow to an attacker to flap a port causing the dot1xd process to crash and resulting in a Denial of Service (DoS).

Solution

Apply appropriate updates as mentioned in:

The following software releases have been updated to resolve this specific issue:

Junos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.

Junos OS Evolved: 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO

Vendor Information

Juniper

https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908

References

Juniper

https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908

CVE Name

CVE-2026-21908

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAml8oQYACgkQ3jCgcSdc

ys/RNg//cGlArR2q8GsBPGkXjVPRCLUWL/TvmyH1+102Sj3qA3YXGWtPgigJicWW

j/Q8/wiFXuVYKdn+bLYeovn6O6k+G610bn2i5nFeC+0b+AsCzZpl1WKbbCiJQUoW

Udd+oJWotBqud2i10UNPtH+JanpxyWUbMvprUSkg6pFNN5rdqZBGimOBbx5YjNXr

WBguIPsBQhnPn2GDw3/hXKv6W001Jp0L2KsY+ObXOtri7gqEDdb8XSZBYq5Lp9rN

8+gGXMDAJyoWQB8szMpQU4YLrIWB7dROyyq4DR5BEHkBPIEucQhvlhVZWcwFZiBG

/HaGoPGAwVUIOTXqVjVkVOXmV5znt0O4jB/JloLqSDLYzN2U/SKCgligNhIXGZ0o

Mf12kUAMRx6YRp6sNHgOWUM7CEeazuwl6rk/QBsh2eQ+8I/ixokuwBNZlrC7AjjZ

qN6Zs7OGAP4Y0B05sAlNznU3ATL3ZXoT/ZajvY2HAipR9frGnQuA/1x1cXFozxgR

uAjE0/Vp9OtOkoiJYJ+AEAXJodQRrtmeiUtWZ5LRIBmC/XGrT0Kmd0fQe4i/j+Ck

0SvqjD+qGGQRW+9Zeh5rek0HYD1ImN6IrKPmlhH+g1YTBwNxXEnhQ4cAZRtC8INZ

hQkHg96s+3va3plRUnvkiIS20RdChrvh9cgDnw4q6RoMazZfANs=

=6B4f

—–END PGP SIGNATURE—–