Juniper Tells Customers to Tune Their Firewall
A critical vulnerability in Juniper Networks’ main operating system could give threat actors root-level privileges to execute code on Juniper’s PTX Series routers.
Tracked as CVE-2026-21902 with a CVSS score of 9.3, the flaw derives from an improper permission assignment in Junos OS Evolved – specifically in the On-Box Anomaly Detection framework, which handles internal monitoring and should be accessible only from an internal routing interface.
Researchers at watchTowr notified the company of the flaw. Juniper, in a Tuesday advisory, told customers to filter access through access lists or firewalls and said it will later develop a patch.
Because the service runs as root and is enabled by default, successful exploitation would give attackers full command and control over devices without the need for authentication. In a technical analysis of the flaw, watchTowr researchers said the framework was never purpose-built to be accessible in typical deployments but could be made accessible, depending on the OS configuration.
The flaw affects versions 25.4R1-S1-EVO and 25.4R2-EVO on PTX routers. Older versions may also be affected, but no evidence of active exploitation in the wild has been reported, Juniper said.
Non-Evolved versions of Junos OS – anything released before 25.4R1-EVO – have shown “no indicators of impact,” with Juniper’s security response team reporting no “malicious exploitation of the vulnerability at the time of publishing the security bulletin.”
The PTX Series routers are high-performance core and peering routers primarily used as service provider backbones, in telecom environments or at data centers, managing traffic in commercial-scale, carrier-grade and hyperscale environments.
Successful exploitation of CVE-2026-21902 not only allows an attacker to establish persistence with minimal authentication but also to manipulate, intercept and reroute traffic as it traverses an organization’s infrastructure.







