"The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device."
"Please note that this service is enabled by default as no specific configuration is required. Juniper Networks said CVE-2026-21902 was discovered internally and there is no evidence of in-the-wild exploitation."
Juniper Networks released an out-of-band update addressing CVE-2026-21902, a critical vulnerability affecting Junos OS Evolved on PTX series routers. The flaw exists in the On-Box Anomaly detection framework, which should only be accessible by internal processes but is exposed over an external port. Unauthenticated attackers with network access can exploit this to execute arbitrary code with root privileges and gain complete device control. The service is enabled by default without requiring specific configuration. Patched versions 25.4R1-S1-EVO and 25.4R2-EVO are now available. Juniper discovered the vulnerability internally with no evidence of active exploitation, though Juniper products have historically been targeted by threat actors.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]