Juniper issues emergency patch for critical PTX router RCE

Pierluigi Paganini February 27, 2026

Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers.

Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers.

The company urges customers to apply the patch promptly to protect network infrastructure from potential exploitation.

The flaw resides in the On-Box Anomaly Detection framework of Junos OS Evolved on PTX Series routers and lets unauthenticated remote attackers execute code as root. The service, enabled by default, should be restricted to internal processes but can be accessed externally due to incorrect permissions, allowing full device takeover.

“An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.

The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port.” reads the advisory published by the vendor. “With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required.”

The vulnerability affects Junos OS Evolved 25.4 releases before 25.4R1-S1-EVO and 25.4R2-EVO on PTX Series; earlier release trains and standard (non-Evolved) Junos OS are not affected.
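A practitioner's first question is which devices in inventory fall inside that range. The following Python helper is added here as an example; it is not a Juniper tool and not part of the original article. It encodes the affected/fixed statement above and classifies version strings accordingly. The hostnames, platforms and versions in the sample inventory are constructed, and the version-string grammar it parses (MAJOR.MINOR R<n>[-S<n>][.build][-EVO]) is my assumption about how Junos reports versions.

```python
import re
from dataclasses import dataclass

# Affected set as the article states it (constructed triage helper, not a Juniper tool):
#   Junos OS Evolved 25.4 releases before 25.4R1-S1-EVO and 25.4R2-EVO, on PTX Series.
#   Earlier release trains and standard (non-Evolved) Junos OS are not affected.
AFFECTED_TRAIN = (25, 4)
FIXED_RELEASES = ("25.4R1-S1-EVO", "25.4R2-EVO")

# Version grammar handled here (assumption): MAJOR.MINOR R<n> [-S<n>] [.<build>] [-EVO]
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)R(?P<r>\d+)"
    r"(?:-S(?P<s>\d+))?(?:\.(?P<build>\d+))?(?P<evo>-EVO)?$"
)


@dataclass(frozen=True)
class JunosVersion:
    major: int
    minor: int
    r: int          # R release number within the train
    s: int          # S (service) release number; 0 for a plain R release
    evo: bool       # True for Junos OS Evolved (-EVO suffix)

    @property
    def train(self) -> tuple:
        return (self.major, self.minor)


def parse_version(text: str) -> JunosVersion:
    """Parse a Junos / Junos Evolved version string such as '25.4R1-S1-EVO'."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    return JunosVersion(
        major=int(m["major"]), minor=int(m["minor"]), r=int(m["r"]),
        s=int(m["s"] or 0), evo=m["evo"] is not None,
    )


def triage(version: str, platform: str) -> str:
    """Classify one device against the article's affected/fixed statement.

    Returns one of: 'affected', 'fixed', 'not-affected', 'not-listed'.
    'not-listed' covers trains newer than 25.4, which the article does not mention.
    """
    v = parse_version(version)
    if not platform.upper().startswith("PTX"):
        return "not-affected"          # only PTX Series is in scope
    if not v.evo:
        return "not-affected"          # standard Junos OS is not affected
    if v.train < AFFECTED_TRAIN:
        return "not-affected"          # earlier release trains are not affected
    if v.train > AFFECTED_TRAIN:
        return "not-listed"            # newer trains: not covered by the article
    fixed = [parse_version(f) for f in FIXED_RELEASES]
    same_branch = [f for f in fixed if f.r == v.r]
    if same_branch:                    # a fix exists on this R branch: compare S level
        return "fixed" if v.s >= same_branch[0].s else "affected"
    if v.r > max(f.r for f in fixed):  # a later R branch inherits the fix
        return "fixed"
    return "affected"


def triage_inventory(rows):
    """rows: iterable of (hostname, platform, version). Returns {hostname: status}."""
    return {host: triage(ver, plat) for host, plat, ver in rows}


# Constructed sample inventory (hostnames, platforms and versions are made up)
SAMPLE_INVENTORY = [
    ("ptx-core-1", "PTX10008", "25.4R1-EVO"),
    ("ptx-core-2", "PTX10008", "25.4R1-S1-EVO"),
    ("ptx-edge-1", "PTX10004", "25.4R2-EVO"),
    ("ptx-edge-2", "PTX10004", "24.2R2-S1.3-EVO"),
    ("mx-edge-1",  "MX304",    "25.4R1-S1"),
    ("ptx-lab-1",  "PTX10001", "26.1R1-EVO"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Feed it the platform and version columns from your own inventory export; anything that comes back as "affected" needs the patch or one of the workarounds below, and "not-listed" devices should be checked against the vendor advisory directly rather than assumed safe.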

As a workaround, the vendor recommends limiting access to the vulnerable service with ACLs or firewall filters so that only trusted hosts can reach it, or disabling the service entirely with the CLI command "request pfe anomalies disable".

The company discovered the vulnerability during internal product security testing or research. Juniper SIRT is not aware of any attacks in the wild exploiting this flaw.

Article source: https://securityaffairs.com/188609/security/juniper-issues-emergency-patch-for-critical-ptx-router-rce.html