CVE 5.5 MEDIUM

Junos OS: MX10k Series: ‘show system firmware’ CLI command may lead to LC480 or LC2101 line card reset_CVE-2026-21912

January 15, 2026 invoker category_cve
5.5 / 10
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset.

On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series: 



* all versions before 21.2R3-S10, 
* from 21.4 before 21.4R3-S9, 
* from 22.2 before 22.2R3-S7, 
* from 22.4 before 22.4R3-S6, 
* from 23.2 before 23.2R2-S2, 
* from 23.4 before 23.4R2-S3, 
* from 24.2 before 24.2R2.

Basic Information

ID CVE-2026-21912
Source juniper
Published Jan 15, 2026 at 20:24
Modified Jan 15, 2026 at 20:50

Affected Product

Vendor Juniper Networks
Product Junos OS
Affected Versions Juniper Networks Junos OS 0
Juniper Networks Junos OS 21.4
Juniper Networks Junos OS 22.2
Juniper Networks Junos OS 22.4
Juniper Networks Junos OS 23.2
Juniper Networks Junos OS 23.4
Juniper Networks Junos OS 24.2

CWE Classification

CWE-367

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.