Juniper Networks PTX Vulnerability Enables Full Router Takeover

A major networking vendor has issued an out-of-cycle security bulletin to address a critical vulnerability in its Junos OS Evolved software, specifically affecting PTX Series platforms.

This flaw, identified as CVE-2026-21902, allows an unauthenticated, remote attacker to execute arbitrary code as the ‘root’ user, effectively granting them complete control over the affected device.

The vulnerability stems from an incorrect permission assignment within the On-Box Anomaly detection framework.

This service, which is designed to identify anomalous behavior on the device, is enabled by default and requires no specific configuration.

According to the security advisory, the On-Box Anomaly detection framework should only be accessible to other internal processes operating within the internal routing instance.

However, due to this vulnerability, the service is inadvertently exposed to external traffic on an external port.

A network-based attacker can exploit this exposure to access and manipulate the service, leading to root-level code execution.

Vulnerability Details

This issue specifically affects Junos OS Evolved version 25.4 on PTX Series devices. It does not impact earlier versions of Junos OS Evolved or the standard Junos OS.

The Juniper Security Incident Response Team (SIRT) noted that this vulnerability was discovered during internal product security testing. There is currently no evidence of active, malicious exploitation in the wild.

Juniper Networks has released software updates to address this critical vulnerability.

Administrators utilizing affected PTX Series devices are strongly urged to upgrade their systems immediately to ensure network security and prevent potential exploitation.

The issue is resolved in versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO, as well as all subsequent releases. For organizations unable to immediately apply the patch, Juniper has provided workarounds to mitigate the risk.

Administrators can use access lists or firewall filters to restrict device access, allowing connections only from trusted networks and hosts.

It is crucial to ensure these filters are strictly configured to block all unauthorized traffic. Alternatively, the vulnerable On-Box Anomaly detection service can be manually disabled.

This can be achieved by executing the command “request pfe anomalies disable” via the device’s command-line interface.

While this mitigates the immediate threat, upgrading to a patched release remains the recommended long-term solution.
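As an added illustration of the firewall-filter workaround (this is not configuration from the advisory or the article), the following is a loopback filter that admits control-plane traffic only from trusted management prefixes and logs and drops everything else. The prefixes are constructed examples, and because the exposed port number is not given here, the filter restricts by source address rather than by destination port.

```junos
/* Constructed example: management prefixes allowed to reach the routing engine */
policy-options {
    prefix-list trusted-mgmt {
        192.0.2.0/24;
        198.51.100.10/32;
    }
}
firewall {
    family inet {
        filter protect-re {
            /* Terms for legitimate peers (BGP, IGP, NTP, DNS, SNMP) belong ahead of deny-rest, or they will be dropped too */
            term allow-trusted-mgmt {
                from {
                    source-prefix-list {
                        trusted-mgmt;
                    }
                }
                then accept;
            }
            /* Anything else, including probes of the exposed anomaly-detection port, is counted, logged and discarded */
            term deny-rest {
                then {
                    count deny-rest;
                    syslog;
                    discard;
                }
            }
        }
    }
}
interfaces {
    /* Applying the filter to lo0 covers traffic destined to the routing engine in the default instance */
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

The deny-rest counter and syslog entries double as a detection signal for unexpected connection attempts while the device awaits an upgrade to a fixed release.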

The post Juniper Networks PTX Vulnerability Enables Full Router Takeover appeared first on Cyber Security News.