CVE-2026-21901
MEDIUM
4.4
CVSS 3.1
Description
A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker setting or deactivating a specific SSH configuration parameter to create a Denial of Service (DoS).
A local high-privileged user configuring or deactivating a specific 'system services ssh' configuration parameter can exploit a null pointer dereference in one of the functions used by SSH. The function attempts to dereference a null pointer when accessing certain configuration data, resulting in an mgd process crash and restart. Continued execution of these configuration commands will create a sustained Denial of Service (DoS) condition.
This issue affects:
Junos OS:
* from 22.3 before 22.3R3-S5;
* from 22.4 before 22.4R3-S10;
* from 23.2 before 23.2R2-S7;
* from 23.4 before 23.4R2-S8.
This issue does not affect Junos OS before 22.3R1.
Junos OS Evolved:
* from 22.3R1-EVO before 23.2R2-S7-EVO;
* from 23.4 before 23.4R2-S8-EVO.
This issue does not affect Junos OS Evolved before 22.3R1-EVO.
Metadata
Severity & Metrics
4.4
MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected products (2)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Juniper Networks | Junos OS | — | 22.3 < 22.3R3-S5, 22.4 < 22.4R3-S10, 23.2 < 23.2R2-S7, 23.4 < 23.4R2-S8 … |
| Juniper Networks | Junos OS Evolved | — | 23.2 < 23.2R2-S7-EVO, 23.4 < 23.4R2-S8-EVO, 0 < 22.3R1-EVO |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-476 | cna | CWE-476 NULL Pointer Dereference |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.7 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:M/U:Green |
| 4.4 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References (2)