CVE-2026-21908 (CNNVD-202601-2538)
中文标题:
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 资源管理错误漏洞
英文标题:
Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process
漏洞描述
中文描述:
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved都是美国瞻博网络(Juniper Networks)公司的产品。Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。Juniper Networks Junos OS Evolved是Junos OS 的升级版系统。 Juniper Networks Junos OS和Juniper Networks Junos OS Evolved存在资源管理错误漏洞,该漏洞源于802.1X身份验证守护进程存在释放后重用,可能导致拒绝服务或执行任意代码。以下版本受到影响:Juniper Networks Junos OS 23.2R2-S5之前版本、23.4R2-S6之前版本、24.2R2-S3之前版本、24.4R2-S1之前版本、25.2R1-S2和25.2R2之前版本和Junos OS Evolved 23.2R2-S5-EVO之前版本、23.4R2-S6-EVO之前版本、24.2R2-S3-EVO之前版本、24.4R2-S1-EVO之前版本、25.2R1-S2-EVO和25.2R2-EVO之前版本。
英文描述:
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root. The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path. This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled. This issue affects: Junos OS: * from 23.2R2-S1 before 23.2R2-S5, * from 23.4R2 before 23.4R2-S6, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S1, * from 25.2 before 25.2R1-S2, 25.2R2; Junos OS Evolved: * from 23.2R2-S1 before 23.2R2-S5-EVO, * from 23.4R2 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S3-EVO, * from 24.4 before 24.4R2-S1-EVO, * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Juniper Networks | Junos OS | - | < 23.2R2-S5 | - |
cpe:2.3:a:juniper_networks:junos_os:*:*:*:*:*:*:*:*
|
| Juniper Networks | Junos OS Evolved | - | < 23.2R2-S5-EVO | - |
cpe:2.3:a:juniper_networks:junos_os_evolved:*:*:*:*:*:*:*:*
|
| juniper | junos | 23.2 | - | - |
cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*
|
| juniper | junos | 23.4 | - | - |
cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
|
| juniper | junos | 24.2 | - | - |
cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*
|
| juniper | junos | 24.4 | - | - |
cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:*
|
| juniper | junos | 25.2 | - | - |
cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:*
|
| juniper | junos_os_evolved | 23.2 | - | - |
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*
|
| juniper | junos_os_evolved | 23.4 | - | - |
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
|
| juniper | junos_os_evolved | 24.2 | - | - |
cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*
|
| juniper | junos_os_evolved | 24.4 | - | - |
cpe:2.3:o:juniper:junos_os_evolved:24.4:-:*:*:*:*:*:*
|
| juniper | junos_os_evolved | 25.2 | - | - |
cpe:2.3:o:juniper:junos_os_evolved:25.2:-:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
HIGHCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 (cna)
HIGHCVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2026-21908 |
2026-01-16 02:21:11 | 2026-01-16 02:44:26 |
| NVD | nvd_CVE-2026-21908 |
2026-01-16 02:47:34 | 2026-01-16 02:48:09 |
| CNNVD | cnnvd_CNNVD-202601-2538 |
2026-01-19 09:28:44 | 2026-01-19 09:29:39 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 2 -> 12
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-202601-2538
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 10 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']