📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h
Vulnerabilities

CVE-2026-21913

High
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a De
CWE-665 — Weakness Type
Published: Jan 15, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.5
🔗 NVD Official
📄 Description (English)

An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.




The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:

  reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump




This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:



* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R1-S2, 25.2R2.




This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.

🤖 AI Executive Summary

A resource initialization vulnerability in Juniper Networks Junos OS on EX4000 48-port models allows unauthenticated network-based attackers to trigger a Denial-of-Service by sending high-volume traffic, causing FXPC crashes and complete service outages. Affected versions include Junos 24.4 before 24.4R2 and 25.2 before 25.2R1-S2/25.2R2. While no public exploit exists, the attack requires only network access and causes immediate operational disruption.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 21:36
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations operating Juniper EX4000 switches in critical infrastructure face significant operational risk. Primary impact sectors: (1) Banking/SAMA-regulated institutions using EX4000 for core network infrastructure; (2) Government/NCA networks and data centers; (3) Saudi Aramco and energy sector critical infrastructure; (4) Telecom operators (STC, Mobily, Zain) using EX4000 in backbone networks; (5) Healthcare facilities dependent on network availability for patient care systems. The vulnerability enables complete service outages without authentication, directly impacting business continuity and regulatory compliance (SAMA CSF, NCA ECC 2024).
🏢 Affected Saudi Sectors
Banking and Financial Services (SAMA-regulated) Government and Public Administration (NCA oversight) Energy and Oil & Gas (Saudi Aramco, critical infrastructure) Telecommunications (STC, Mobily, Zain) Healthcare and Medical Facilities Data Centers and Cloud Infrastructure Critical Infrastructure Operators
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all EX4000-48T, EX4000-48P, and EX4000-48MP devices in your environment running Junos 24.4 (before 24.4R2) or 25.2 (before 25.2R1-S2 or 25.2R2)

2. Implement network-based rate limiting and traffic filtering at upstream devices to restrict high-volume traffic destined to affected switches

3. Enable DDoS mitigation policies on border routers/firewalls to drop suspicious high-volume traffic patterns

4. Implement access control lists (ACLs) to restrict traffic destined to management interfaces



PATCHING GUIDANCE:

1. Upgrade immediately to Junos 24.4R2 or later for 24.4 branch devices

2. Upgrade to Junos 25.2R1-S2, 25.2R2, or later for 25.2 branch devices

3. Schedule maintenance windows during low-traffic periods to minimize business impact

4. Test patches in lab environment before production deployment



COMPENSATING CONTROLS (if immediate patching not possible):

1. Deploy traffic shaping policies limiting ingress traffic rates to affected devices

2. Implement strict ingress filtering (BCP 38/RFC 2827) at network perimeter

3. Configure SNMP rate limiting and disable unnecessary services

4. Monitor 'show chassis routing-engine' output for watchdog panic messages (reason=0x4000002)

5. Implement automated failover to redundant switches if available



DETECTION RULES:

1. Monitor for sudden FXPC restarts with watchdog panic (reason=0x4000002) in syslog

2. Alert on sustained high-volume traffic destined to EX4000 management IP addresses

3. Track device uptime anomalies and unexpected reboots

4. Monitor CPU and memory utilization spikes preceding crashes

5. Implement NetFlow/sFlow monitoring to detect traffic anomalies
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. حدد جميع أجهزة EX4000-48T و EX4000-48P و EX4000-48MP في بيئتك التي تعمل بـ Junos 24.4 (قبل 24.4R2) أو 25.2 (قبل 25.2R1-S2 أو 25.2R2)

2. طبق تحديد معدل حركة المرور والتصفية على الأجهزة العلوية لتقييد حركة المرور عالية الحجم الموجهة للمفاتيح المتأثرة

3. فعّل سياسات التخفيف من هجمات DDoS على موجهات الحدود/جدران الحماية لإسقاط أنماط حركة المرور المريبة

4. طبق قوائم التحكم في الوصول (ACLs) لتقييد حركة المرور الموجهة لواجهات الإدارة



إرشادات التصحيح:

1. قم بالترقية فوراً إلى Junos 24.4R2 أو إصدار أحدث لأجهزة فرع 24.4

2. قم بالترقية إلى Junos 25.2R1-S2 أو 25.2R2 أو إصدار أحدث لأجهزة فرع 25.2

3. جدول نوافذ الصيانة خلال فترات حركة المرور المنخفضة

4. اختبر التصحيحات في بيئة المختبر قبل النشر في الإنتاج



الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. نشر سياسات تشكيل حركة المرور لتحديد معدلات حركة المرور الواردة للأجهزة المتأثرة

2. طبق التصفية الصارمة للدخول (BCP 38/RFC 2827) على محيط الشبكة

3. كوّن تحديد معدل SNMP وعطّل الخدمات غير الضرورية

4. راقب مخرجات 'show chassis routing-engine' للبحث عن رسائل ذعر watchdog (reason=0x4000002)

5. طبق الإجراء الفوري التلقائي على المفاتيح المكررة إن أمكن



قواعد الكشف:

1. راقب إعادة تشغيل FXPC المفاجئة مع ذعر watchdog (reason=0x4000002) في syslog

2. أصدر تنبيهات لحركة المرور عالية الحجم المستمرة الموجهة لعناوين IP إدارة EX4000

3. تتبع شذوذ وقت التشغيل وإعادة التشغيل غير المتوقعة

4. راقب ارتفاعات استخدام CPU والذاكرة التي تسبق الأعطال

5. طبق مراقبة NetFlow/sFlow للكشف عن شذوذ حركة المرور
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.13.1.1 - Network security perimeter ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.BE-5 - Organizational resilience objectives SAMA CSF PR.IP-12 - Information and records management SAMA CSF DE.CM-1 - The network is monitored for unauthorized connections SAMA CSF RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.13.1.1 - Network security perimeter ISO 27001:2022 A.14.2.1 - Availability and resilience
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning
📦 Affected Products / CPE 8 entries
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:25.2
juniper:junos:25.2
juniper:junos:25.2
juniper:junos:25.2
📊 CVSS Score
7.5
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityN — None / Network
IntegrityN — None / Network
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.5
CWECWE-665
EPSS0.02%
Exploit No
Patch ✓ Yes
Published 2026-01-15
Source Feed nvd
Views 6
🇸🇦 Saudi Risk Score
8.2
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-665
🏢 Vendor Advisories
🔗 https://kb.juniper.net/JSA106014 🔗 https://supportportal.juniper.net/JSA106014
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.