First published: Thu Jul 15 2021
When a user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the user ARP Policer is replaced with the default ARP Policer.

To review the desired ARP Policers and the actual state, one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is:

```
show interfaces extensive | match policer
Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed
Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface
```

For all platforms, except SRX Series, this issue affects Juniper Networks Junos OS:

- All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions;
- 19.4 versions prior to 19.4R3-S3;
- 20.1 versions prior to 20.1R3;
- 20.2 versions prior to 20.2R3-S2;
- 20.3 version 20.3R1 and later versions;
- 20.4 versions prior to 20.4R3;
- 21.1 versions prior to 21.1R2.

This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1.

On SRX Series this issue affects Juniper Networks Junos OS:

- 18.4 versions prior to 18.4R2-S9, 18.4R3-S9;
- 19.4 versions prior to 19.4R3-S4;
- 20.1 versions prior to 20.1R3;
- 20.2 versions prior to 20.2R3-S2;
- 20.3 version 20.3R1 and later versions;
- 20.4 versions prior to 20.4R3;
- 21.1 versions prior to 21.1R2.

This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.
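The policer review described above can be automated across many devices. The following is an added example, not code from Juniper or from this page: it parses saved `show interfaces extensive` output and reports AE units that should carry a user-defined ARP policer but show the default one. The sample output, the unit names, the `example-arp-...` policer name and the expected-units set are constructed assumptions.

```python
import re

# Constructed, trimmed sample of `show interfaces extensive` output; the
# interface names and the "example-arp-..." policer name are made up.
SAMPLE_OUTPUT = """\
Physical interface: ae5, Enabled, Physical link is Up
  Logical interface ae5.317 (Index 340) (SNMP ifIndex 567) (Generation 150)
      Policer: Input: __default_arp_policer__
  Logical interface ae5.318 (Index 341) (SNMP ifIndex 568) (Generation 151)
      Policer: Input: example-arp-ae5.318-inet-arp
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Logical interface ge-0/0/1.0 (Index 342) (SNMP ifIndex 569) (Generation 152)
      Policer: Input: __default_arp_policer__
"""

# Assumption: units the operator configured with a user-defined ARP policer.
UNITS_WITH_USER_ARP_POLICER = {"ae5.317", "ae5.318"}

DEFAULT_ARP_POLICER = "__default_arp_policer__"
LOGICAL_RE = re.compile(r"^\s*Logical interface (\S+)")
POLICER_RE = re.compile(r"^\s*Policer: Input: (\S+)")


def installed_input_policers(output):
    """Map each logical interface to the input policers shown beneath it."""
    policers, current = {}, None
    for line in output.splitlines():
        m = LOGICAL_RE.match(line)
        if m:
            current = m.group(1)
            policers.setdefault(current, [])
            continue
        m = POLICER_RE.match(line)
        if m and current:
            policers[current].append(m.group(1))
    return policers


def bypassed_units(output, expected_units):
    """Return AE units expected to carry a user ARP policer that show the default."""
    found = installed_input_policers(output)
    return sorted(
        unit for unit in expected_units  # the issue is specific to AE units
        if unit.startswith("ae") and DEFAULT_ARP_POLICER in found.get(unit, [])
    )


if __name__ == "__main__":
    for unit in bypassed_units(SAMPLE_OUTPUT, UNITS_WITH_USER_ARP_POLICER):
        print(f"{unit}: default ARP policer installed instead of the user policer")
```

In practice the expected-units set would be derived from the device configuration rather than hard-coded.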
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | >=5.7<15.1 | |
Juniper JUNOS | >=15.2<18.4 | |
Juniper JUNOS | =5.6-r1 | |
Juniper JUNOS | =18.4 | |
Juniper JUNOS | =18.4-r1 | |
Juniper JUNOS | =18.4-r1-s1 | |
Juniper JUNOS | =18.4-r1-s2 | |
Juniper JUNOS | =18.4-r1-s3 | |
Juniper JUNOS | =18.4-r1-s4 | |
Juniper JUNOS | =18.4-r1-s5 | |
Juniper JUNOS | =18.4-r1-s6 | |
Juniper JUNOS | =18.4-r1-s7 | |
Juniper JUNOS | =18.4-r2 | |
Juniper JUNOS | =18.4-r2-s1 | |
Juniper JUNOS | =18.4-r2-s2 | |
Juniper JUNOS | =18.4-r2-s3 | |
Juniper JUNOS | =18.4-r2-s4 | |
Juniper JUNOS | =18.4-r2-s5 | |
Juniper JUNOS | =18.4-r2-s6 | |
Juniper JUNOS | =18.4-r2-s7 | |
Juniper JUNOS | =18.4-r2-s8 | |
Juniper JUNOS | =18.4-r3 | |
Juniper JUNOS | =18.4-r3-s1 | |
Juniper JUNOS | =18.4-r3-s2 | |
Juniper JUNOS | =18.4-r3-s3 | |
Juniper JUNOS | =18.4-r3-s4 | |
Juniper JUNOS | =18.4-r3-s5 | |
Juniper JUNOS | =18.4-r3-s6 | |
Juniper JUNOS | =18.4-r3-s7 | |
Juniper JUNOS | =18.4-r3-s8 | |
Juniper JUNOS | =19.4-r1 | |
Juniper JUNOS | =19.4-r1-s1 | |
Juniper JUNOS | =19.4-r1-s2 | |
Juniper JUNOS | =19.4-r1-s3 | |
Juniper JUNOS | =19.4-r2 | |
Juniper JUNOS | =19.4-r2-s1 | |
Juniper JUNOS | =19.4-r2-s2 | |
Juniper JUNOS | =19.4-r2-s3 | |
Juniper JUNOS | =19.4-r3 | |
Juniper JUNOS | =19.4-r3-s1 | |
Juniper JUNOS | =19.4-r3-s2 | |
Juniper JUNOS | =20.1-r1 | |
Juniper JUNOS | =20.1-r1-s1 | |
Juniper JUNOS | =20.1-r1-s2 | |
Juniper JUNOS | =20.1-r1-s3 | |
Juniper JUNOS | =20.1-r1-s4 | |
Juniper JUNOS | =20.1-r2 | |
Juniper JUNOS | =20.1-r2-s1 | |
Juniper JUNOS | =20.2-r1 | |
Juniper JUNOS | =20.2-r1-s1 | |
Juniper JUNOS | =20.2-r1-s2 | |
Juniper JUNOS | =20.2-r1-s3 | |
Juniper JUNOS | =20.2-r2 | |
Juniper JUNOS | =20.2-r2-s1 | |
Juniper JUNOS | =20.2-r2-s2 | |
Juniper JUNOS | =20.2-r2-s3 | |
Juniper JUNOS | =20.2-r3 | |
Juniper JUNOS | =20.2-r3-s1 | |
Juniper JUNOS | =20.4-r1 | |
Juniper JUNOS | =20.4-r1-s1 | |
Juniper JUNOS | =20.4-r2 | |
Juniper JUNOS | =20.4-r2-s1 | |
Juniper JUNOS | =21.1-r1 | |
Juniper Acx1000 | ||
Juniper Acx1100 | ||
Juniper Acx2000 | ||
Juniper Acx2100 | ||
Juniper Acx2200 | ||
Juniper Acx4000 | ||
Juniper Acx500 | ||
Juniper Acx5000 | ||
Juniper Acx5048 | ||
Juniper Acx5096 | ||
Juniper Acx5400 | ||
Juniper Acx5448 | ||
Juniper Acx5800 | ||
Juniper Acx6300 | ||
Juniper Acx6360 | ||
Juniper Acx710 | ||
Juniper Atp400 | ||
Juniper Atp700 | ||
Juniper Csrx | ||
Juniper Ctp150 | ||
Juniper Ctp2008 | ||
Juniper Ctp2024 | ||
Juniper Ctp2056 | ||
Juniper Dx | ||
Juniper Dx | =5.1 | |
Juniper Ex Rps | ||
Juniper Ex2200 | ||
Juniper Ex2200-c | ||
Juniper Ex2200-vc | ||
Juniper Ex2300 | ||
Juniper Ex2300-c | ||
Juniper Ex2300m | ||
Juniper Ex3200 | ||
Juniper Ex3300 | ||
Juniper Ex3300-vc | ||
Juniper Ex3400 | ||
Juniper Ex4200 | ||
Juniper Ex4200-vc | ||
Juniper Ex4300 | ||
Juniper Ex4300-24p | ||
Juniper Ex4300-24p-s | ||
Juniper Ex4300-24t | ||
Juniper Ex4300-24t-s | ||
Juniper Ex4300-32f | ||
Juniper Ex4300-32f-dc | ||
Juniper Ex4300-32f-s | ||
Juniper Ex4300-48mp | ||
Juniper Ex4300-48mp-s | ||
Juniper Ex4300-48p | ||
Juniper Ex4300-48p-s | ||
Juniper Ex4300-48t | ||
Juniper Ex4300-48t-afi | ||
Juniper Ex4300-48t-dc | ||
Juniper Ex4300-48t-dc-afi | ||
Juniper Ex4300-48t-s | ||
Juniper Ex4300-48tafi | ||
Juniper Ex4300-48tdc | ||
Juniper Ex4300-48tdc-afi | ||
Juniper Ex4300-mp | ||
Juniper Ex4300-vc | ||
Juniper Ex4300m | ||
Juniper Ex4400 | ||
Juniper Ex4500 | ||
Juniper Ex4500-vc | ||
Juniper Ex4550 | ||
Juniper Ex4550-vc | ||
Juniper Ex4550/vc | ||
Juniper EX4600 | ||
Juniper Ex4600-vc | ||
Juniper Ex4650 | ||
Juniper Ex6200 | ||
Juniper Ex6210 | ||
Juniper Ex8200 | ||
Juniper Ex8200-vc | ||
Juniper Ex8208 | ||
Juniper Ex8216 | ||
Juniper Ex9200 | ||
Juniper Ex9204 | ||
Juniper Ex9208 | ||
Juniper Ex9214 | ||
Juniper Ex9250 | ||
Juniper Ex9251 | ||
Juniper Ex9253 | ||
Juniper Fips Infranet Controller 6500 | ||
Juniper Fips Secure Access 4000 | ||
Juniper Fips Secure Access 4500 | ||
Juniper Fips Secure Access 6000 | ||
Juniper Fips Secure Access 6500 | ||
Juniper Gfx3600 | ||
Juniper Idp250 | ||
Juniper Idp75 | ||
Juniper Idp800 | ||
Juniper Idp8200 | ||
Juniper Infranet Controller 4000 | ||
Juniper Infranet Controller 4500 | ||
Juniper Infranet Controller 6000 | ||
Juniper Infranet Controller 6500 | ||
Juniper Jatp | =400 | |
Juniper Jatp | =700 | |
Juniper JUNOS | ||
Juniper Junos Space Ja1500 Appliance | ||
Juniper Junos Space Ja2500 Appliance | ||
Juniper Ln1000 | ||
Juniper Ln2600 | ||
Juniper M10i | ||
Juniper M120 | ||
Juniper M320 | ||
Juniper M7i | ||
Juniper Mag2600 Gateway | ||
Juniper Mag4610 Gateway | ||
Juniper Mag6610 Gateway | ||
Juniper Mag6611 Gateway | ||
Juniper Mx | ||
Juniper Mx10 | ||
Juniper Mx10000 | ||
Juniper Mx10003 | ||
Juniper Mx10008 | ||
Juniper Mx10016 | ||
Juniper Mx104 | ||
Juniper Mx150 | ||
Juniper Mx2008 | ||
Juniper Mx2010 | ||
Juniper Mx2020 | ||
Juniper Mx204 | ||
Juniper Mx240 | ||
Juniper Mx40 | ||
Juniper Mx480 | ||
Juniper Mx5 | ||
Juniper Mx80 | ||
Juniper Mx960 | ||
Juniper Netscreen-5200 | ||
Juniper Netscreen-5400 | ||
Juniper Netscreen-5gt | ||
Juniper Netscreen-5gt | =5.0 | |
Juniper Netscreen-idp | =3.0 | |
Juniper Netscreen-idp | =3.0r1 | |
Juniper Netscreen-idp | =3.0r2 | |
Juniper Netscreen-idp 10 | ||
Juniper Netscreen-idp 100 | ||
Juniper Netscreen-idp 1000 | ||
Juniper Netscreen-idp 500 | ||
Juniper Nfx | ||
Juniper Nfx150 | ||
Juniper Nfx250 | ||
Juniper Nfx350 | ||
Juniper Nsm3000 | ||
Juniper Nsmexpress | ||
Juniper Ocx1100 | ||
Juniper Ptx1000 | ||
Juniper Ptx1000-72q | ||
Juniper Ptx10000 | ||
Juniper Ptx10001 | ||
Juniper Ptx10001-36mr | ||
Juniper Ptx100016 | ||
Juniper Ptx10002 | ||
Juniper Ptx10002-60c | ||
Juniper Ptx10003 | ||
Juniper Ptx10003 160c | ||
Juniper Ptx10003 80c | ||
Juniper Ptx10003 81cd | ||
Juniper Ptx10004 | ||
Juniper Ptx10008 | ||
Juniper Ptx10016 | ||
Juniper Ptx3000 | ||
Juniper Ptx5000 | ||
Juniper Qfx10000 | ||
Juniper Qfx10002 | ||
Juniper Qfx10002-32q | ||
Juniper Qfx10002-60c | ||
Juniper Qfx10002-72q | ||
Juniper Qfx10008 | ||
Juniper Qfx10016 | ||
Juniper Qfx3000-g | ||
Juniper Qfx3000-m | ||
Juniper Qfx3008-i | ||
Juniper Qfx3100 | ||
Juniper Qfx3500 | ||
Juniper Qfx3600 | ||
Juniper Qfx3600-i | ||
Juniper Qfx5100 | ||
Juniper Qfx5100-96s | ||
Juniper Qfx5110 | ||
Juniper Qfx5120 | ||
Juniper Qfx5130 | ||
Juniper Qfx5200 | ||
Juniper Qfx5200-32c | ||
Juniper Qfx5200-48y | ||
Juniper Qfx5210 | ||
Juniper Qfx5210-64c | ||
Juniper Qfx5220 | ||
Juniper Router M10 | ||
Juniper Router M16 | ||
Juniper Router M20 | ||
Juniper Router M40 | ||
Juniper Router M5 | ||
Juniper Secure Access 2000 | ||
Juniper Secure Access 2500 | ||
Juniper Secure Access 4000 | ||
Juniper Secure Access 4500 | ||
Juniper Secure Access 6000 | ||
Juniper Secure Access 6500 | ||
Juniper Secure Access 700 | ||
Juniper T1600 | ||
Juniper T320 | ||
Juniper T4000 | ||
Juniper T640 | ||
Juniper Xre200 | ||
Juniper JUNOS | =19.4-r3-s3 | |
Juniper JUNOS | =20.3-r1 | |
Juniper JUNOS | =20.3-r1-s1 | |
Juniper JUNOS | =20.3-r2 | |
Juniper JUNOS | =21.1-r1-s1 | |
Juniper Srx100 | ||
Juniper Srx110 | ||
Juniper Srx1400 | ||
Juniper Srx1500 | ||
Juniper Srx210 | ||
Juniper Srx220 | ||
Juniper Srx240 | ||
Juniper Srx240h2 | ||
Juniper Srx300 | ||
Juniper Srx320 | ||
Juniper Srx340 | ||
Juniper Srx3400 | ||
Juniper Srx345 | ||
Juniper Srx3600 | ||
Juniper Srx380 | ||
Juniper Srx4000 | ||
Juniper Srx4100 | ||
Juniper Srx4200 | ||
Juniper Srx4600 | ||
Juniper Srx5000 | ||
Juniper Srx5400 | ||
Juniper Srx550 | ||
Juniper Srx550 Hm | ||
Juniper Srx550m | ||
Juniper Srx5600 | ||
Juniper Srx5800 | ||
Juniper Srx650 | ||
The following software releases have been updated to resolve this specific issue:

For all platforms, except SRX Series, using Junos OS 15.1R7-S10, 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.

On SRX Series using Junos OS 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.