CWE: 367, 362

CVE-2021-0289: Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted

First published: Thu Jul 15 2021

When a user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the user ARP Policer is replaced with the default ARP Policer.

To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is:

    show interfaces extensive | match policer
    Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed
    Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface

For all platforms, except SRX Series, this issue affects Juniper Networks Junos OS:

  • All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions;
  • 19.4 versions prior to 19.4R3-S3;
  • 20.1 versions prior to 20.1R3;
  • 20.2 versions prior to 20.2R3-S2;
  • 20.3 version 20.3R1 and later versions;
  • 20.4 versions prior to 20.4R3;
  • 21.1 versions prior to 21.1R2.

This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1.

On SRX Series this issue affects Juniper Networks Junos OS:

  • 18.4 versions prior to 18.4R2-S9, 18.4R3-S9;
  • 19.4 versions prior to 19.4R3-S4;
  • 20.1 versions prior to 20.1R3;
  • 20.2 versions prior to 20.2R3-S2;
  • 20.3 version 20.3R1 and later versions;
  • 20.4 versions prior to 20.4R3;
  • 21.1 versions prior to 21.1R2.

This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.
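The policer review described above can be scripted across saved CLI output. The following is an added example, not part of the Juniper advisory: it parses "show interfaces extensive" output and reports AE units that are expected to carry a user-defined ARP Policer but display the default one. The sample output is constructed and abridged, and the function names and the set of expected units are assumptions.

```python
import re

DEFAULT_POLICER = "__default_arp_policer__"  # name shown in the advisory's example output

# Constructed, abridged sample of "show interfaces extensive" output (not from a real device).
SAMPLE_OUTPUT = """\
Physical interface: ae5, Enabled, Physical link is Up
  Logical interface ae5.317 (Index 337) (SNMP ifIndex 1035)
    Protocol inet, MTU: 1500
      Policer: Input: __default_arp_policer__
  Logical interface ae5.318 (Index 338) (SNMP ifIndex 1036)
    Protocol inet, MTU: 1500
      Policer: Input: jtac-arp-ae5.318-inet-arp
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Logical interface ge-0/0/1.0 (Index 340) (SNMP ifIndex 1040)
    Protocol inet, MTU: 1500
      Policer: Input: __default_arp_policer__
"""

UNIT_RE = re.compile(r"^\s*Logical interface (\S+)")
POLICER_RE = re.compile(r"^\s*Policer: Input: (\S+)")

def applied_input_policers(cli_output):
    """Map each logical interface to the input policers displayed under it."""
    applied, unit = {}, None
    for line in cli_output.splitlines():
        if line.startswith("Physical interface:"):
            unit = None  # policer lines are only attributed to a logical unit
        elif m := UNIT_RE.match(line):
            unit = m.group(1)
            applied.setdefault(unit, [])
        elif (m := POLICER_RE.match(line)) and unit:
            applied[unit].append(m.group(1))
    return applied

def find_bypassed_units(cli_output, user_policed_units):
    """Report AE units that should show a user ARP Policer but do not.

    user_policed_units: units with a user-defined ARP Policer in the
    configuration (hypothetical input, e.g. taken from a config audit).
    """
    applied = applied_input_policers(cli_output)
    findings = []
    for unit in sorted(user_policed_units):
        if unit not in applied:
            findings.append((unit, "unit not found in output"))
        elif DEFAULT_POLICER in applied[unit]:
            findings.append((unit, "default ARP policer displayed"))
    return findings

if __name__ == "__main__":
    for unit, reason in find_bypassed_units(SAMPLE_OUTPUT, {"ae5.317", "ae5.318"}):
        print(f"{unit}: {reason}")
```

A non-AE unit showing the default policer is not reported unless it is listed in user_policed_units, which matches the advisory's scope of user policers applied to AE interface units.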

Credit: sirt@juniper.net

Affected Software | Affected Version | How to fix
Juniper Junos>=5.7<15.1
Juniper Junos>=15.2<18.4
Juniper Junos=5.6-r1
Juniper Junos=18.4
Juniper Junos=18.4-r1
Juniper Junos=18.4-r1-s1
Juniper Junos=18.4-r1-s2
Juniper Junos=18.4-r1-s3
Juniper Junos=18.4-r1-s4
Juniper Junos=18.4-r1-s5
Juniper Junos=18.4-r1-s6
Juniper Junos=18.4-r1-s7
Juniper Junos=18.4-r2
Juniper Junos=18.4-r2-s1
Juniper Junos=18.4-r2-s2
Juniper Junos=18.4-r2-s3
Juniper Junos=18.4-r2-s4
Juniper Junos=18.4-r2-s5
Juniper Junos=18.4-r2-s6
Juniper Junos=18.4-r2-s7
Juniper Junos=18.4-r2-s8
Juniper Junos=18.4-r3
Juniper Junos=18.4-r3-s1
Juniper Junos=18.4-r3-s2
Juniper Junos=18.4-r3-s3
Juniper Junos=18.4-r3-s4
Juniper Junos=18.4-r3-s5
Juniper Junos=18.4-r3-s6
Juniper Junos=18.4-r3-s7
Juniper Junos=18.4-r3-s8
Juniper Junos=19.4-r1
Juniper Junos=19.4-r1-s1
Juniper Junos=19.4-r1-s2
Juniper Junos=19.4-r1-s3
Juniper Junos=19.4-r2
Juniper Junos=19.4-r2-s1
Juniper Junos=19.4-r2-s2
Juniper Junos=19.4-r2-s3
Juniper Junos=19.4-r3
Juniper Junos=19.4-r3-s1
Juniper Junos=19.4-r3-s2
Juniper Junos=20.1-r1
Juniper Junos=20.1-r1-s1
Juniper Junos=20.1-r1-s2
Juniper Junos=20.1-r1-s3
Juniper Junos=20.1-r1-s4
Juniper Junos=20.1-r2
Juniper Junos=20.1-r2-s1
Juniper Junos=20.2-r1
Juniper Junos=20.2-r1-s1
Juniper Junos=20.2-r1-s2
Juniper Junos=20.2-r1-s3
Juniper Junos=20.2-r2
Juniper Junos=20.2-r2-s1
Juniper Junos=20.2-r2-s2
Juniper Junos=20.2-r2-s3
Juniper Junos=20.2-r3
Juniper Junos=20.2-r3-s1
Juniper Junos=20.4-r1
Juniper Junos=20.4-r1-s1
Juniper Junos=20.4-r2
Juniper Junos=20.4-r2-s1
Juniper Junos=21.1-r1
Juniper ACX1000
Juniper OCX1100
Juniper ACX2000
Juniper ACX2100
Juniper ACX2200
Juniper ACX4000
Juniper ACX500
Juniper ACX5000
Juniper ACX5048
Juniper ACX5096
Juniper ACX5400
Juniper ACX5448
Juniper ACX5800
Juniper ACX6300
Juniper ACX6360
Juniper ACX710
Juniper ATP400
Juniper ATP700
Juniper CSRX
Juniper ctp150
Juniper CTP 2008
Juniper ctp2024
Juniper ctp2056
Juniper DX
Juniper DX=5.1
Juniper EX Series
Juniper EX2200-C
Juniper EX2200
Juniper EX2300-24T
Juniper EX2300-C
Juniper EX2300
Juniper EX3200
Juniper EX3300
Juniper EX3300-VX
Juniper EX3400
Juniper EX Series
Juniper EX4200
Juniper EX4300-24T
Juniper EX4300-24P
Juniper EX4300
Juniper EX4300-24T-S
Juniper EX4300-32F-S
Juniper EX4300
Juniper EX4300-32F-S
Juniper EX4300-48MP
Juniper EX4300-48MP-S
Juniper EX4300-48P
Juniper EX4300-48T-AFI
Juniper EX4300-48TAFI
Juniper EX4300-48TDC
Juniper EX4300-48TDC-AFI
Juniper EX4300-48T-S
Juniper EX4300-48TAFI
Juniper EX4300-48T-DC
Juniper EX4300-48T-DC-AFI
Juniper EX4300
Juniper EX4400-24X
juniper ex4500-vc
Juniper EX4500
Juniper EX Series
Juniper EX4550
Juniper EX4600
Juniper EX4650
Juniper EX6200
Juniper EX Series
Juniper EX8200
Juniper EX8208
Juniper EX Series
Juniper EX9200
Juniper EX Series
Juniper EX9208
Juniper EX9214
Juniper EX9250
Juniper EX9251
Juniper EX9253
Juniper Infranet Controller 6500
Pulse Secure Secure Access Series SSL VPN SA-4000
Juniper Secure Access 4500
Juniper Secure Access 6000
Juniper Secure Access 6500
Juniper QFX3600
Juniper IDP250
Juniper IDP75
Juniper IDP 800
Juniper IDP8200
Juniper Infranet Controller 4000
Juniper Infranet Controller 4500
Juniper Infranet Controller 6000
Juniper FIPS Infranet Controller 6500
Juniper JATP=400
Juniper JATP=700
Juniper Junos
Juniper Junos Space JA1500 Appliance
Juniper Junos Space JA2500 Appliance
Juniper ln1000
Juniper ln2600
Juniper M10i
Juniper M120
NEC M320F
Juniper m7i
Juniper MAG2600 Gateway
Juniper MAG4610 Gateway
Juniper MAG6610 Gateway
Juniper MAG6611 Gateway
Juniper MX Series
Juniper MX10
Juniper MX10000
Juniper MX10003
Juniper MX10008
Juniper MX10016
Juniper MX104
Juniper MX150
Juniper MX2008
Juniper MX2010
Juniper MX2020
Juniper MX204
Juniper MX240
Juniper MX40
Juniper MX480
Juniper MX5
Juniper MX80
Juniper MX960
Juniper Netscreen 5200
Juniper Netscreen-5400
Juniper Netscreen-5GT
Juniper Netscreen-5GT=5.0
Juniper netscreen-idp 1000=3.0
Juniper netscreen-idp 1000=3.0r1
Juniper netscreen-idp 1000=3.0r2
Juniper Netscreen-IDP 10
Juniper Networks NetScreen-IDP 100
Juniper netscreen-idp 1000
Juniper Networks IDP 500
Juniper NFX
Juniper NFX Series
Juniper Networks NSM 3000
Juniper NSM Express
Juniper OCX1100
Juniper PTX1000
Juniper PTX10000
Juniper PTX10001-36MR
Juniper PTX10016
Juniper PTX10002
Juniper PTX10003 80C
Juniper PTX10003
Juniper PTX10003 80C
Juniper PTX10003
Juniper PTX10004
Juniper PTX10008
Juniper PTX10016
Juniper PTX3000
Juniper PTX5000
Juniper QFX10000
Juniper QFX10002-60C
Juniper QFX10002
Juniper QFX10008
Juniper QFX10016
Juniper QFX3000-G
Juniper QFX3000-M
Juniper QFX3008-I
Juniper QFX3100
Juniper QFX3500
Juniper QFX3600-I
Juniper QFX3600
Juniper QFX5100
Juniper QFX5110
Juniper QFX5120
Juniper QFX5130
Juniper QFX5200-48Y
Juniper QFX5200-32C
Juniper QFX5200-48Y
Juniper QFX5210-64C
Juniper QFX5210
Juniper QFX5220
Juniper M10i
Juniper M16 Router
Juniper M20
Juniper M40 Router
Juniper Router M5
Juniper Secure Access 2000
Juniper Secure Access 2500
Pulse Secure Secure Access Series SSL VPN SA-4000
Juniper FIPS Secure Access 4500
Juniper Secure Access 6000
Juniper Secure Access 6500
Juniper Secure Access 700
Juniper T1600
Juniper T320
Juniper T4000
Juniper T640
Juniper xre200
Juniper Junos=19.4-r3-s3
Juniper Junos=20.3-r1
Juniper Junos=20.3-r1-s1
Juniper Junos=20.3-r2
Juniper Junos=21.1-r1-s1
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX1500
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX240H2
Juniper SRX300
Juniper SRX320
Juniper SRX340
Juniper SRX3400
Juniper SRX345
Juniper SRX3600
Juniper SRX380
Juniper SRX4000
Juniper SRX4100
Juniper SRX4200
Juniper SRX4600
Junos OS SRX 5000 Series
Juniper SRX5400
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650

Remedy

The following software releases have been updated to resolve this specific issue:

For all platforms, except SRX Series, using Junos OS: 15.1R7-S10, 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.

On SRX Series using Junos OS: 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.


Frequently Asked Questions

  • What is the severity of CVE-2021-0289?

    The severity of CVE-2021-0289 is classified as medium, indicating a moderately serious vulnerability.

  • How do I fix CVE-2021-0289?

    To fix CVE-2021-0289, it is recommended to apply the latest patches provided by Juniper Networks for affected versions of Junos OS.

  • Which versions of Junos OS are affected by CVE-2021-0289?

    CVE-2021-0289 affects Junos OS versions between 5.7 and 15.1, as well as 15.2 to 18.4, and various 20.x versions.

  • Does CVE-2021-0289 affect all Juniper devices?

    No, CVE-2021-0289 specifically affects devices where user-defined ARP Policer is configured on Aggregated Ethernet interface units.

  • What are the implications of CVE-2021-0289?

    The implications of CVE-2021-0289 include potential denial of service or unauthorized access to network resources due to the race condition vulnerability.
