Juniper Networks security advisory (AV26-172)
Analysis Summary
# Vulnerability: Remote Code Execution in Junos OS Evolved (PTX Series)
## CVE Details
- **CVE ID:** CVE-2026-21902
- **CVSS Score:** 9.8 (Critical)
- **CWE:** Not specified in the advisory (typically associated with Improper Input Validation or Buffer Overflow leading to RCE)
## Affected Systems
- **Products:** Junos OS Evolved on PTX Series
- **Versions:** 25.4 versions prior to 25.4R1-S1-EVO and 25.4R2-EVO
- **Configurations:** Systems running Junos OS Evolved on PTX Series hardware platforms.
## Vulnerability Description
This is a critical vulnerability in Junos OS Evolved specifically affecting PTX Series devices. The flaw allows an unauthenticated, network-based attacker to execute arbitrary code with root privileges. While specific technical details regarding the vulnerable component (e.g., a specific protocol daemon or management interface) were not disclosed in the summary, the "root" execution context indicates a complete compromise of the underlying operating system.
## Exploitation
- **Status:** Not explicitly stated as exploited in the wild (refer to Juniper's full advisory for real-time updates)
- **Complexity:** Low (implied by CVSS 9.8)
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Full access to system data and traffic)
- **Integrity:** High (Ability to modify configurations and system binaries)
- **Availability:** High (Ability to cause permanent denial of service or device failure)
## Remediation
### Patches
Juniper Networks has released the following updated versions to address this vulnerability:
- **Junos OS Evolved 25.4R1-S1-EVO**
- **Junos OS Evolved 25.4R2-EVO**
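To triage a fleet against the affected and fixed releases listed above, the following added example (not code from Juniper or from the advisory) classifies Junos OS Evolved version strings. It assumes the usual reading of the range, namely that later service releases on the same R line and later R releases carry the fix; the function names and the inventory are constructed for illustration.

```python
import re

# Junos OS Evolved release string: <major>.<minor>R<n>[.<spin>][-S<n>[.<spin>]]-EVO
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?-EVO$")

AFFECTED_TRAIN = (25, 4)             # only the 25.4 train is listed
FIXED = {1: 1, 2: 0}                 # R -> first fixed S: 25.4R1-S1-EVO, 25.4R2-EVO


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"             # not an EVO release string; check by hand
    major, minor, rel = int(m.group(1)), int(m.group(2)), int(m.group(3))
    svc = int(m.group(4) or 0)       # no -S suffix means service release 0
    if (major, minor) != AFFECTED_TRAIN:
        return "not-listed"
    if rel > max(FIXED):             # assumption: later R releases carry the fix
        return "fixed"
    if rel in FIXED and svc >= FIXED[rel]:
        return "fixed"
    return "affected"


def triage(inventory):
    """Return hostnames of PTX devices whose version is affected or unknown."""
    flagged = []
    for host, model, version in inventory:
        if not model.upper().startswith("PTX"):
            continue                 # advisory covers PTX Series only
        if classify(version) in ("affected", "unknown"):
            flagged.append(host)
    return flagged


# Constructed inventory (hostnames, models and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("core-a", "PTX10008", "25.4R1.12-EVO"),
    ("core-b", "PTX10004", "25.4R1-S1.3-EVO"),
    ("core-c", "PTX10001-36MR", "25.4R2-EVO"),
    ("edge-a", "ACX7100", "25.4R1.12-EVO"),
    ("core-d", "PTX10016", "25.2R2-EVO"),
]

if __name__ == "__main__":
    for host, model, version in SAMPLE_INVENTORY:
        print(f"{host:8} {model:14} {version:18} {classify(version)}")
    print("needs attention:", triage(SAMPLE_INVENTORY))
```

Strings that do not parse are reported as `unknown` and flagged rather than silently treated as safe.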
### Workarounds
The advisory does not list specific workarounds. Standard hardening practices for Junos OS Evolved usually include:
- Restricting management access (SSH, HTTPS) to trusted networks using Firewall Filters (ACLs).
- Disabling unused services and protocols.
## Detection
- **Indicators of Compromise:** Monitor for unusual root-level activity, unauthorized configuration changes, or unexpected outbound connections from the PTX device.
- **Detection methods and tools:** Review syslog for crashes in system processes or unauthorized login attempts. Validate the integrity of the Junos OS Evolved image.
## References
- **Vendor advisory:** hxxps[://]supportportal[.]juniper[.]net/s/article/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902
- **CCCS Bulletin:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/juniper-networks-security-advisory-av26-172
- **Juniper Security Portal:** hxxps[://]supportportal[.]juniper[.]net/s/global-search/%40uri#sort=relevancy&f:ctype=[Security%20Advisories]