{"id":15883,"date":"2026-02-27T21:46:36","date_gmt":"2026-02-27T21:46:36","guid":{"rendered":"https:\/\/newestek.com\/?p=15883"},"modified":"2026-02-27T21:46:36","modified_gmt":"2026-02-27T21:46:36","slug":"security-hole-could-let-hackers-take-over-juniper-networks-ptx-core-routers","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15883","title":{"rendered":"Security hole could let hackers take over Juniper Networks PTX core routers"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical vulnerability could lead to an unauthenticated threat actor running code with root privileges.<\/p>\n<p>The hole is \u201cespecially dangerous, because these devices often sit in the middle of the network, not on the fringes,\u201d said <a href=\"https:\/\/www.linkedin.com\/in\/piyushsharrma\/\" target=\"_blank\" rel=\"noreferrer noopener\">Piyush Sharma<\/a>, CEO of Tuskira. \u201cIf an attacker gains control of a PTX, the impact is bigger than a single device compromise because it can become a traffic vantage point and a control point at the same time. This opens the door to the stealthy interception of data flows, controller redirected traffic, or easy pivots into adjacent networks.\u201d<\/p>\n<p>This issue affects PTX routers running versions of the Junos OS Evolved operating system earlier than 25.4R1-S1-EVO and 25.4R2-EVO. 
It doesn\u2019t affect the standard Junos OS.<\/p>\n<p><a href=\"https:\/\/supportportal.juniper.net\/s\/article\/2026-02-Out-of-Cycle-Security-Bulletin-Junos-OS-Evolved-PTX-Series-A-vulnerability-allows-a-unauthenticated-network-based-attacker-to-execute-code-as-root-CVE-2026-21902\" target=\"_blank\" rel=\"noreferrer noopener\">In a notice, Juniper said <\/a>it isn\u2019t aware of any malicious exploitation of this vulnerability. The hole was found during internal product security testing or research.<\/p>\n<p>The PTX line is a series of modular high performance core routers powered by HPE Juniper Networks\u2019 latest generation of custom Express family ASICs and\u00a0optimized\u00a0for 400G and 800G migrations. They offer native 400G and 800G inline MACsec, deep buffering and flexible filtering. The company says they are built for longevity in demanding WAN (wide area network) and data center use cases and deployment scenarios, including core, peering, data center interconnect, data center edge, metro aggregation, and AI data center networking.<\/p>\n<p>In its notice, Juniper says an Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of the operating system allows an unauthenticated, network-based attacker to execute code as root. The detection framework is enabled by default.<\/p>\n<p>\u201cThe On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port,\u201d the alert adds. \u201cWith the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device.\u201d<\/p>\n<p>To resolve the issue, admins should make sure version 25.4R1-S1-EVO of Junos OS Evolved is installed. 
They should also note that versions 25.4R2-EVO and 26.2R1-EVO are on the way.<\/p>\n<p>If the update can\u2019t be installed immediately, admins should use access control lists or firewall filters to limit access to only trusted networks and hosts, to reduce the risk of exploitation of this issue. Ensure such filters only permit explicitly required connections and block all others.<\/p>\n<p>Another option is to disable the service by entering <em>request pfe anomalies disable<\/em> in the operating system\u2019s command line.<\/p>\n<p>Sharma said Juniper vulnerabilities have attracted a lot of attention from hackers over the years because of the premium positioning the routers give if long-term footholds are established. \u201cAs a network operating system, Junos sits at the crossroads of major control points like identity, policy, and traffic, which means a single exploit can scale quickly across valuable networks,\u201d he said. \u201cAdditionally, these footholds provide attackers a longer window to find and exploit vulnerable devices, since core network gear is painful to apply patching to due to long downtimes.\u201d<\/p>\n<p>To prevent vulnerabilities such as the current flaw from leading to exploitation, organizations need a defense platform that can continuously monitor for anomalies across networks and alert security teams when malicious behavior is detected, he added.<\/p>\n<p>Disclosure of the vulnerability comes as Juniper\u2019s parent firm HPE <a href=\"https:\/\/www.networkworld.com\/article\/4136694\/hpes-latest-juniper-routers-target-large%E2%80%91scale-ai-fabrics.html\" target=\"_blank\">prepares to introduce new PTX12000 and PTX10002 router families<\/a> at next week\u2019s Mobile World Congress. 
HPE <a href=\"https:\/\/www.networkworld.com\/article\/4016229\/hpe-finalizes-juniper-acquisition-forms-new-ai-centric-networking-unit.html\" target=\"_blank\">bought Juniper last year<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly-discovered critical vulnerability could lead to an unauthenticated threat actor running code with root privileges. The hole is \u201cespecially dangerous, because these devices often sit in the middle of the network, not on the fringes,\u201d said Piyush Sharma, CEO of Tuskira. \u201cIf an attacker gains control of&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15883\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15883","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15883"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15883\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}