Vulnerabilities ›

CVE-2026-21917

High

CWE-1286 — Weakness Type

                    Published: Jan 15, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.
This issue affects Junos OS on SRX Series:

* 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
* 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R1-S3, 24.4R2.

Earlier versions of Junos are also affected, but no fix is available.

🤖 AI Executive Summary

A critical input validation vulnerability in Juniper SRX Series Web-Filtering module allows unauthenticated attackers to trigger Denial-of-Service by sending malformed SSL packets, causing Forwarding Plane Card (FPC) crashes. This affects multiple Junos OS versions with patches available for recent releases but no fixes for earlier versions. Organizations using SRX devices for UTM Web-Filtering face immediate service disruption risks.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 3, 2026 21:35

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations heavily dependent on Juniper SRX devices for network security face significant operational risk. Critical impact sectors include: Banking (SAMA-regulated institutions relying on SRX for transaction security), Government (NCA-supervised agencies using SRX for network perimeter defense), Energy Sector (ARAMCO and downstream operators using SRX for critical infrastructure protection), Telecommunications (STC and other telecom providers using SRX for customer traffic filtering), and Healthcare (SEHA facilities using SRX for patient data protection). The DoS vulnerability could disrupt critical services, compromise compliance with SAMA CSF and NCA ECC 2024 requirements, and impact business continuity for essential services.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Energy and Utilities Telecommunications Healthcare Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1499.004 - Application Exhaustion Flood T1561 - Disk Wipe T1529 - System Shutdown/Reboot

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all SRX Series devices running affected Junos versions (23.2R2-S2 through S4, 23.4R2-S1 through S4, 24.2 before R2-S2, 24.4 before R1-S3/R2)

2. Disable UTM Web-Filtering on non-critical SRX devices until patching is complete

3. Implement network-level access controls to restrict untrusted SSL traffic to SRX devices

4. Enable FPC crash monitoring and alerting



PATCHING GUIDANCE:

1. Upgrade to patched versions: 23.2R2-S5 or later, 23.4R2-S5 or later, 24.2R2-S2 or later, 24.4R1-S3/R2 or later

2. Schedule maintenance windows for SRX upgrades with redundancy failover

3. Test patches in lab environment before production deployment

4. For earlier versions with no available fix, implement compensating controls



COMPENSATING CONTROLS:

1. Deploy upstream traffic filtering to block malformed SSL packets before reaching SRX

2. Implement rate limiting on SSL connections to SRX Web-Filtering module

3. Configure FPC restart monitoring with automated failover to backup SRX

4. Use Juniper's SSL packet validation bypass if available in your version



DETECTION RULES:

1. Monitor for FPC crashes/restarts correlated with SSL traffic anomalies

2. Alert on repeated connection resets from same source IP to SRX Web-Filtering port

3. Track malformed SSL packet patterns in SRX logs (search for SSL parsing errors)

4. Implement IDS signatures for malformed SSL packet detection upstream

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة SRX التي تعمل بإصدارات Junos المتأثرة (23.2R2-S2 إلى S4، 23.4R2-S1 إلى S4، 24.2 قبل R2-S2، 24.4 قبل R1-S3/R2)

2. تعطيل تصفية الويب UTM على أجهزة SRX غير الحرجة حتى اكتمال التصحيح

3. تطبيق عناصر تحكم الوصول على مستوى الشبكة لتقييد حركة SSL غير الموثوقة إلى أجهزة SRX

4. تفعيل مراقبة التنبيهات لانهيار FPC

إرشادات التصحيح:

1. الترقية إلى الإصدارات المصححة: 23.2R2-S5 أو أحدث، 23.4R2-S5 أو أحدث، 24.2R2-S2 أو أحدث، 24.4R1-S3/R2 أو أحدث

2. جدولة نوافذ الصيانة لترقيات SRX مع تحويل الفشل الزائد

3. اختبار التصحيحات في بيئة المختبر قبل النشر الإنتاجي

4. للإصدارات الأقدم بدون إصلاح متاح، تطبيق عناصر تحكم تعويضية

عناصر التحكم التعويضية:

1. نشر تصفية حركة المرور في المنطقة العليا لحجب حزم SSL المعيبة قبل وصولها إلى SRX

2. تطبيق تحديد معدل على اتصالات SSL إلى وحدة تصفية الويب SRX

3. تكوين مراقبة إعادة تشغيل FPC مع تحويل فشل آلي إلى SRX احتياطي

4. استخدام تجاوز التحقق من حزم SSL من Juniper إن توفر في إصدارك

قواعد الكشف:

1. مراقبة انهيارات/إعادة تشغيل FPC المرتبطة بشذوذ حركة SSL

2. التنبيه على إعادة تعيين الاتصال المتكررة من نفس عنوان IP المصدر إلى منفذ تصفية الويب SRX

3. تتبع أنماط حزم SSL المعيبة في سجلات SRX (البحث عن أخطاء تحليل SSL)

4. تطبيق توقيعات IDS للكشف عن حزم SSL المعيبة في المنطقة العليا

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.13.1.3 - Segregation of networks ECC 2024 A.14.2.1 - Information security incident management

🔵 SAMA CSF

SAMA CSF ID.RA-1 - Asset Management and Inventory SAMA CSF PR.IP-12 - Vulnerability Management SAMA CSF DE.CM-8 - Vulnerability Scanning SAMA CSF RS.MI-2 - Incident Response and Recovery

🟡 ISO 27001:2022

ISO 27001:2022 A.12.3.1 - Segregation of networks ISO 27001:2022 A.14.2.1 - Information security incident management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.8.1.3 - Segregation of duties

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Ensure security patches are installed PCI DSS 11.2 - Run automated vulnerability scans PCI DSS 12.3 - Establish information security policy

🔗 References & Sources 2

🔗

https://kb.juniper.net/JSA105996

sirt@juniper.net

Vendor Advisory

🔗

https://supportportal.juniper.net/JSA105996

sirt@juniper.net

Vendor Advisory

📦 Affected Products / CPE 17 entries

juniper:junos:23.2

juniper:junos:23.4

juniper:junos:24.2

juniper:junos:24.4

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-1286

EPSS0.04%

Exploit No

Patch ✓ Yes

Published 2026-01-15

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-1286

🏢 Vendor Advisories

🔗 https://kb.juniper.net/JSA105996 🔗 https://supportportal.juniper.net/JSA105996

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-21917

💬 Comments

Introduce Yourself

Sign In Required