vulnerability
Juniper Junos OS: 2026-01 Security Bulletin: Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset (JSA106011) (CVE-2026-21912)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jan 14, 2026 | Jan 27, 2026 | Feb 12, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Jan 14, 2026
Added
Jan 27, 2026
Modified
Feb 12, 2026
Description
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset.On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.
Solution
juniper-junos-os-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.