Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Lifecycle Timeline
4DescriptionCVE.org
An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS).
When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again.
This issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600:
- 23.2 versions before 23.2R2-S6,
- 23.4 versions before 23.4R2-S7
- 24.2 versions before 24.2R2-S2,
- 24.4 versions before 24.4R2,
- 25.2 versions before 25.2R1-S1, 25.2R2.
AnalysisAI
Denial of service in Juniper Networks Junos OS chassis control daemon (chassisd) on SRX1500, SRX4100, SRX4200, and SRX4600 allows local attackers with low privileges to crash the daemon via a specific 'show chassis' CLI command, causing complete traffic disruption until modules restart. The vulnerability affects Junos OS versions 23.2 before 23.2R2-S6, 23.4 before 23.4R2-S7, 24.2 before 24.2R2-S2, 24.4 before 24.4R2, and 25.2 before 25.2R1-S1 or 25.2R2. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
The vulnerability exists in chassisd, the chassis control daemon responsible for managing hardware components and system state on Juniper SRX Series security appliances. The root cause is classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions), indicating insufficient validation or error handling when processing specific 'show chassis' CLI commands. When the daemon encounters an unexpected condition without proper exception handling, it crashes and enters a restart cycle. During this restart sequence, all traffic forwarding is interrupted until all hardware modules complete their online initialization, creating a complete denial of service condition. This is a local vulnerability requiring command-line access to the device, not a remote attack vector.
RemediationAI
Upgrade Junos OS to the patched versions: 23.2R2-S6 or later for the 23.2 branch, 23.4R2-S7 or later for the 23.4 branch, 24.2R2-S2 or later for the 24.2 branch, 24.4R2 or later for the 24.4 branch, or 25.2R1-S1, 25.2R2, or later for the 25.2 branch. Consult the Juniper Security Advisory JSA107873 at https://kb.juniper.net/JSA107873 for specific upgrade procedures and any additional mitigation guidance. In the interim, restrict local access to the CLI and 'show chassis' command execution to trusted administrative users only, and monitor for unexpected chassisd restarts via system logs and management interfaces.
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: acti
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote un
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21205
GHSA-w7w4-rh54-5rf6