This flaw, identified as CVE-2026-21902, allows an unauthenticated, remote attacker to execute arbitrary code as the ‘root’ user, effectively granting them complete control over the affected device.
The vulnerability stems from an incorrect permission assignment within the On-Box Anomaly detection framework.
This service, which is designed to identify anomalous behavior on the device, is enabled by default and requires no specific configuration.
According to the security advisory, the On-Box Anomaly detection framework should only be accessible to other internal processes operating within the internal routing instance.
However, due to this vulnerability, the service is inadvertently exposed to external traffic on an external port.
A network-based attacker can exploit this exposure to access and manipulate the service, leading to root-level code execution.
This issue specifically affects Junos OS Evolved version 25.4 on PTX Series devices. It does not impact earlier versions of Junos OS Evolved or the standard Junos OS.
The Juniper Security Incident Response Team (SIRT) noted that this vulnerability was discovered during internal product security testing. There is currently no evidence of active, malicious exploitation in the wild.
Juniper Networks has released software updates to address this critical vulnerability.
Administrators utilizing affected PTX Series devices are strongly urged to upgrade their systems immediately to ensure network security and prevent potential exploitation.
The issue is resolved in versions 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO, as well as all subsequent releases. For organizations unable to immediately apply the patch, Juniper has provided workarounds to mitigate the risk.
Administrators can use access lists or firewall filters to restrict device access, allowing connections only from trusted networks and hosts.
It is crucial to ensure these filters are strictly configured to block all unauthorized traffic. Alternatively, the vulnerable On-Box Anomaly detection service can be manually disabled.
This can be achieved by executing the command “request pfe anomalies disable ” via the device’s command-line interface.
While this mitigates the immediate threat, upgrading to a patched release remains the recommended long-term solution.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Juniper Networks PTX Vulnerability Enables Full Router Takeover appeared first on Cyber Security News.
The Mandalorian & Grogu is coming to theaters on May 22, but before then you…
If you frequently bring several electronics along with you on your travels but you don't…
Disney+ is offering subscribers a free Marvel Rivals skin through its Disney+ Perks program. The…
There has been a ton of buzz around Dishonored's future, following a rather innocuous post…
Capcom wants players to know that old age won't keep Leon Kennedy out of games…
Managed Security Service Providers (MSSPs) sit at the sharpest edge of today’s cyber risk curve.…
This website uses cookies.