6.7

CVE-2026-21901

Junos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash

A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS).

A local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.

This issue affects:
Junos OS:


  *  from 22.3 before 22.3R3-S5;
  *  from 22.4 before 22.4R3-S10;
  *  from 23.2 before 23.2R2-S7;
  *  from 23.4 before 23.4R2-S8.




This issue does not affect Junos OS before 22.3R1.



Junos OS Evolved:
  *  from 22.3R1-EVO before 23.2R2-S7-EVO;
  *  from 23.4 before 23.4R2-S8-EVO.


This issue does not affect Junos OS Evolved before 22.3R1-EVO.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version 22.3
Version < 22.3R3-S5
Status affected
Version 22.4
Version < 22.4R3-S10
Status affected
Version 23.2
Version < 23.2R2-S7
Status affected
Version 23.4
Version < 23.4R2-S8
Status affected
Version 0
Version < 22.3R1
Status unaffected
HerstellerJuniper Networks
Produkt Junos OS Evolved
Default Statusunaffected
Version 23.2
Version < 23.2R2-S7-EVO
Status affected
Version 23.4
Version < 23.4R2-S8-EVO
Status affected
Version 0
Version < 22.3R1-EVO
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net 6.7 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Green
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://github.com/orangecertcc/security-research/security/advisories/GHSA-g4f7-w2rc-hpj6
https://supportportal.juniper.net/JSA110072