EUVD-2026-21199
GHSA-gv4f-m3jw-j3h9
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
Lifecycle Timeline
3Tags
Description
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QFX5k platforms configured as service-provider edge devices, if L2PT is enabled on the UNI and VSTP is enabled on NNI in VXLAN scenarios, receiving VSTP BPDUs on UNI leads to packet buffer allocation failures, resulting in the device to not pass traffic anymore until it is manually recovered with a restart.This issue affects Junos OS: * 24.4 releases before 24.4R2, * 25.2 releases before 25.2R1-S1, 25.2R2. This issue does not affect Junos OS releases before 24.4R1.
Analysis
Packet buffer allocation failure in Juniper EX4000 and QFX5000 Series switches allows adjacent unauthenticated attackers to cause persistent Denial of Service requiring manual device restart. Attack vector requires specific configuration: device configured as service-provider edge with L2PT enabled on UNI and VSTP enabled on NNI in VXLAN scenarios. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all EX4000 and QFX5000 devices in your environment; cross-reference with service-provider edge configurations using L2PT on UNI and VSTP on NNI in VXLAN; document current Junos OS versions. Within 7 days: Implement network segmentation to restrict VSTP BPDUs from reaching UNI interfaces on affected devices; disable L2PT or VSTP where operationally feasible; engage Juniper TAC for configuration hardening guidance specific to your topology. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today