📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h Global general Technology and Artificial Intelligence MEDIUM 1h Global general Technology and Artificial Intelligence HIGH 2h Global vulnerability Higher Education CRITICAL 11h Global data_breach Government HIGH 12h Global supply_chain Software Development and Open Source Communities CRITICAL 12h Global malware Software Development CRITICAL 12h Global phishing Multiple Sectors HIGH 13h Global vulnerability Web Applications CRITICAL 13h Global apt Critical Infrastructure CRITICAL 13h Global ransomware Multiple sectors CRITICAL 14h
Vulnerabilities

CVE-2026-21914

High
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series d
CWE-667 — Weakness Type
Published: Jan 15, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.5
🔗 NVD Official
📄 Description (English)

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).

If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.

This issue affects Junos OS on SRX Series:

* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R1-S1, 25.2R2.

🤖 AI Executive Summary

A critical Denial-of-Service vulnerability exists in Juniper SRX Series firewalls affecting GTP protocol handling. Unauthenticated attackers can send malformed GTP Modify Bearer Request messages to trigger a lock acquisition failure, causing watchdog timeouts, FPC crashes, and complete traffic outages. This vulnerability impacts telecom and mobile network operators across Saudi Arabia with immediate patching required.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 21:36
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses severe risk to Saudi telecom operators (STC, Mobily, Zain) and mobile network infrastructure. SRX Series devices are widely deployed as border gateways and GTP firewalls in 4G/5G networks. A successful attack causes complete traffic outage affecting millions of subscribers. Government entities using SRX for critical network infrastructure (NCA, CITC oversight) and financial institutions with mobile banking services face significant operational disruption. Energy sector (ARAMCO) and healthcare networks relying on mobile connectivity are also at risk.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain) Mobile Network Operators Government (NCA, CITC) Banking and Financial Services Energy (ARAMCO) Healthcare Critical Infrastructure
⚖️ Saudi Risk Score (AI)
8.5
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:

1. Identify all SRX Series devices running affected Junos OS versions (pre-22.4R3-S8, 23.2 pre-23.2R2-S5, 23.4 pre-23.4R2-S6, 24.2 pre-24.2R2-S3, 24.4 pre-24.4R2-S2, 25.2 pre-25.2R1-S1/25.2R2)

2. Prioritize patching based on GTP traffic exposure and criticality

3. Implement GTP traffic filtering at upstream devices to block malformed Modify Bearer Request messages



PATCHING GUIDANCE:

1. Apply vendor patches immediately: upgrade to 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, or 25.2R1-S1/25.2R2

2. Schedule maintenance windows for production SRX devices

3. Test patches in lab environment before production deployment

4. Maintain rollback procedures



COMPENSATING CONTROLS (if patching delayed):

1. Implement GTP deep packet inspection (DPI) rules to detect and drop malformed Modify Bearer Request messages

2. Configure rate limiting on GTP traffic to reduce attack surface

3. Deploy GTP traffic monitoring and alerting for anomalous patterns

4. Implement access control lists (ACLs) to restrict GTP sources to trusted peers

5. Enable FPC watchdog logging and monitoring for early detection



DETECTION RULES:

1. Monitor for repeated FPC crashes/restarts on SRX devices

2. Alert on GTP Modify Bearer Request messages with malformed headers or invalid field values

3. Track lock contention metrics and thread blocking events

4. Monitor for sustained high CPU utilization followed by watchdog timeouts

5. Implement IDS/IPS signatures for malformed GTP protocol messages
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. تحديد جميع أجهزة SRX Series التي تعمل بإصدارات Junos OS المتأثرة

2. تحديد أولويات التصحيح بناءً على تعرض حركة مرور GTP والأهمية الحرجة

3. تنفيذ تصفية حركة مرور GTP على الأجهزة العليا لحظر رسائل Modify Bearer Request المشوهة



إرشادات التصحيح:

1. تطبيق تصحيحات البائع فوراً: الترقية إلى الإصدارات المصححة المحددة

2. جدولة نوافذ الصيانة لأجهزة SRX الإنتاجية

3. اختبار التصحيحات في بيئة المختبر قبل نشرها في الإنتاج

4. الحفاظ على إجراءات الاسترجاع



الضوابط البديلة (إذا تأخر التصحيح):

1. تنفيذ فحص حزم GTP العميق (DPI) لكشف ورفع رسائل Modify Bearer Request المشوهة

2. تكوين تحديد معدل حركة مرور GTP لتقليل سطح الهجوم

3. نشر مراقبة حركة مرور GTP والتنبيهات للأنماط الشاذة

4. تنفيذ قوائم التحكم في الوصول (ACLs) لتقييد مصادر GTP للأقران الموثوقين

5. تفعيل تسجيل مراقبة FPC والمراقبة للكشف المبكر



قواعد الكشف:

1. مراقبة أعطال/إعادة تشغيل FPC المتكررة على أجهزة SRX

2. التنبيه على رسائل GTP Modify Bearer Request ذات الرؤوس المشوهة أو قيم الحقول غير الصحيحة

3. تتبع مقاييس تنافس الأقفال وأحداث حجب الخيوط

4. مراقبة استخدام CPU المرتفع المستمر متبوعاً بانقطاع المراقبة

5. تنفيذ توقيعات IDS/IPS لرسائل بروتوكول GTP المشوهة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.13.1.3 - Segregation of networks ECC 2024 A.14.2.1 - Information security incident management
🔵 SAMA CSF
SAMA CSF ID.BE-3 - Resilience objectives and priorities SAMA CSF PR.IP-12 - Information and records management SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events SAMA CSF RS.MI-1 - Incidents are contained
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.13.1.3 - Segregation of networks ISO 27001:2022 A.16.1.5 - Response to information security incidents
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning and remediation
📦 Affected Products / CPE 50 entries
juniper:junos
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:22.4
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.2
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:23.4
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.2
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:24.4
juniper:junos:25.2
juniper:junos:25.2
📊 CVSS Score
7.5
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityN — None / Network
IntegrityN — None / Network
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.5
CWECWE-667
EPSS0.02%
Exploit No
Patch ✓ Yes
Published 2026-01-15
Source Feed nvd
Views 5
🇸🇦 Saudi Risk Score
8.5
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-667
🏢 Vendor Advisories
🔗 https://kb.juniper.net/JSA106015 🔗 https://supportportal.juniper.net/JSA106015
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.