CWE: 367 (TOCTOU Race Condition), 362 (Race Condition)

CVE-2021-0289: Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted

First published: Thu Jul 15 2021

When a user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the user ARP Policer is replaced with the default ARP Policer.

To review the desired ARP Policers and the actual state, run the command "show interfaces <> extensive" and review the output. See further details below. An example output is:

    show interfaces extensive | match policer
    Policer: Input: __default_arp_policer__        <<< incorrect if a user ARP Policer was applied on an AE interface and the default ARP Policer is displayed
    Policer: Input: jtac-arp-ae5.317-inet-arp      <<< correct if a user ARP Policer was applied on an AE interface

For all platforms, except SRX Series, this issue affects Juniper Networks Junos OS:
    All versions from 5.6R1 onward prior to 18.4R2-S9, 18.4R3-S9, with the exception of 15.1 versions 15.1R7-S10 and later versions;
    19.4 versions prior to 19.4R3-S3;
    20.1 versions prior to 20.1R3;
    20.2 versions prior to 20.2R3-S2;
    20.3 version 20.3R1 and later versions;
    20.4 versions prior to 20.4R3;
    21.1 versions prior to 21.1R2.
This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1.

On SRX Series this issue affects Juniper Networks Junos OS:
    18.4 versions prior to 18.4R2-S9, 18.4R3-S9;
    19.4 versions prior to 19.4R3-S4;
    20.1 versions prior to 20.1R3;
    20.2 versions prior to 20.2R3-S2;
    20.3 version 20.3R1 and later versions;
    20.4 versions prior to 20.4R3;
    21.1 versions prior to 21.1R2.
This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series.

This issue does not affect Junos OS Evolved.
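The advisory's check is manual: compare the policer shown under each AE unit in "show interfaces extensive" against the one you configured. The following script automates that comparison over a constructed excerpt of that output. It is an added example, not Juniper's tooling; the interface header format, the unit names and the EXPECTED mapping are assumptions, while the policer line format and the __default_arp_policer__ name come from the advisory.

```python
import re

DEFAULT_ARP_POLICER = "__default_arp_policer__"   # default name quoted in the advisory

# Constructed excerpt of "show interfaces extensive" output (not captured from a
# real device). The "Policer: Input:" lines follow the format shown in the advisory.
SAMPLE_OUTPUT = """\
Physical interface: ae5, Enabled, Physical link is Up
  Logical interface ae5.317 (Index 340) (SNMP ifIndex 560)
    Policer: Input: jtac-arp-ae5.317-inet-arp
  Logical interface ae5.318 (Index 341) (SNMP ifIndex 561)
    Policer: Input: __default_arp_policer__
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Logical interface ge-0/0/1.0 (Index 70) (SNMP ifIndex 520)
    Policer: Input: __default_arp_policer__
"""

# Hypothetical intended configuration: AE unit -> user-defined ARP policer name.
EXPECTED = {
    "ae5.317": "jtac-arp-ae5.317-inet-arp",
    "ae5.318": "jtac-arp-ae5.318-inet-arp",
}

_UNIT_RE = re.compile(r"^\s*Logical interface (\S+)")
_POLICER_RE = re.compile(r"^\s*Policer: Input: (\S+)")

def parse_input_policers(output):
    """Map each logical interface to the input policer reported beneath it."""
    policers, unit = {}, None
    for line in output.splitlines():
        m = _UNIT_RE.match(line)
        if m:
            unit = m.group(1)          # subsequent policer lines belong to this unit
            continue
        m = _POLICER_RE.match(line)
        if m and unit is not None:
            policers[unit] = m.group(1)
    return policers

def find_reverted_ae_policers(output, expected):
    """Return (unit, expected, actual) for every AE unit whose user-defined
    ARP policer is not the one in effect (e.g. replaced by the default)."""
    actual = parse_input_policers(output)
    findings = []
    for unit, want in expected.items():
        if not unit.startswith("ae"):
            continue                   # the advisory is specific to AE interfaces
        got = actual.get(unit)         # None if the unit shows no input policer
        if got != want:
            findings.append((unit, want, got))
    return findings

if __name__ == "__main__":
    for unit, want, got in find_reverted_ae_policers(SAMPLE_OUTPUT, EXPECTED):
        print(f"{unit}: expected {want}, found {got}")
```

A non-empty result on a device that has not yet been upgraded to a fixed release indicates the condition described above; restarting the firewall process, as the title notes, is what re-applies the user policer until the fix is installed.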

Credit: sirt@juniper.net

Affected Software | Affected Version | How to fix
Juniper JUNOS>=5.7<15.1
Juniper JUNOS>=15.2<18.4
Juniper JUNOS=5.6-r1
Juniper JUNOS=18.4
Juniper JUNOS=18.4-r1
Juniper JUNOS=18.4-r1-s1
Juniper JUNOS=18.4-r1-s2
Juniper JUNOS=18.4-r1-s3
Juniper JUNOS=18.4-r1-s4
Juniper JUNOS=18.4-r1-s5
Juniper JUNOS=18.4-r1-s6
Juniper JUNOS=18.4-r1-s7
Juniper JUNOS=18.4-r2
Juniper JUNOS=18.4-r2-s1
Juniper JUNOS=18.4-r2-s2
Juniper JUNOS=18.4-r2-s3
Juniper JUNOS=18.4-r2-s4
Juniper JUNOS=18.4-r2-s5
Juniper JUNOS=18.4-r2-s6
Juniper JUNOS=18.4-r2-s7
Juniper JUNOS=18.4-r2-s8
Juniper JUNOS=18.4-r3
Juniper JUNOS=18.4-r3-s1
Juniper JUNOS=18.4-r3-s2
Juniper JUNOS=18.4-r3-s3
Juniper JUNOS=18.4-r3-s4
Juniper JUNOS=18.4-r3-s5
Juniper JUNOS=18.4-r3-s6
Juniper JUNOS=18.4-r3-s7
Juniper JUNOS=18.4-r3-s8
Juniper JUNOS=19.4-r1
Juniper JUNOS=19.4-r1-s1
Juniper JUNOS=19.4-r1-s2
Juniper JUNOS=19.4-r1-s3
Juniper JUNOS=19.4-r2
Juniper JUNOS=19.4-r2-s1
Juniper JUNOS=19.4-r2-s2
Juniper JUNOS=19.4-r2-s3
Juniper JUNOS=19.4-r3
Juniper JUNOS=19.4-r3-s1
Juniper JUNOS=19.4-r3-s2
Juniper JUNOS=20.1-r1
Juniper JUNOS=20.1-r1-s1
Juniper JUNOS=20.1-r1-s2
Juniper JUNOS=20.1-r1-s3
Juniper JUNOS=20.1-r1-s4
Juniper JUNOS=20.1-r2
Juniper JUNOS=20.1-r2-s1
Juniper JUNOS=20.2-r1
Juniper JUNOS=20.2-r1-s1
Juniper JUNOS=20.2-r1-s2
Juniper JUNOS=20.2-r1-s3
Juniper JUNOS=20.2-r2
Juniper JUNOS=20.2-r2-s1
Juniper JUNOS=20.2-r2-s2
Juniper JUNOS=20.2-r2-s3
Juniper JUNOS=20.2-r3
Juniper JUNOS=20.2-r3-s1
Juniper JUNOS=20.4-r1
Juniper JUNOS=20.4-r1-s1
Juniper JUNOS=20.4-r2
Juniper JUNOS=20.4-r2-s1
Juniper JUNOS=21.1-r1
Juniper Acx1000
Juniper Acx1100
Juniper Acx2000
Juniper Acx2100
Juniper Acx2200
Juniper Acx4000
Juniper Acx500
Juniper Acx5000
Juniper Acx5048
Juniper Acx5096
Juniper Acx5400
Juniper Acx5448
Juniper Acx5800
Juniper Acx6300
Juniper Acx6360
Juniper Acx710
Juniper Atp400
Juniper Atp700
Juniper Csrx
Juniper Ctp150
Juniper Ctp2008
Juniper Ctp2024
Juniper Ctp2056
Juniper Dx
Juniper Dx=5.1
Juniper Ex Rps
Juniper Ex2200
Juniper Ex2200-c
Juniper Ex2200-vc
Juniper Ex2300
Juniper Ex2300-c
Juniper Ex2300m
Juniper Ex3200
Juniper Ex3300
Juniper Ex3300-vc
Juniper Ex3400
Juniper Ex4200
Juniper Ex4200-vc
Juniper Ex4300
Juniper Ex4300-24p
Juniper Ex4300-24p-s
Juniper Ex4300-24t
Juniper Ex4300-24t-s
Juniper Ex4300-32f
Juniper Ex4300-32f-dc
Juniper Ex4300-32f-s
Juniper Ex4300-48mp
Juniper Ex4300-48mp-s
Juniper Ex4300-48p
Juniper Ex4300-48p-s
Juniper Ex4300-48t
Juniper Ex4300-48t-afi
Juniper Ex4300-48t-dc
Juniper Ex4300-48t-dc-afi
Juniper Ex4300-48t-s
Juniper Ex4300-48tafi
Juniper Ex4300-48tdc
Juniper Ex4300-48tdc-afi
Juniper Ex4300-mp
Juniper Ex4300-vc
Juniper Ex4300m
Juniper Ex4400
Juniper Ex4500
Juniper Ex4500-vc
Juniper Ex4550
Juniper Ex4550-vc
Juniper Ex4550/vc
Juniper EX4600
Juniper Ex4600-vc
Juniper Ex4650
Juniper Ex6200
Juniper Ex6210
Juniper Ex8200
Juniper Ex8200-vc
Juniper Ex8208
Juniper Ex8216
Juniper Ex9200
Juniper Ex9204
Juniper Ex9208
Juniper Ex9214
Juniper Ex9250
Juniper Ex9251
Juniper Ex9253
Juniper Fips Infranet Controller 6500
Juniper Fips Secure Access 4000
Juniper Fips Secure Access 4500
Juniper Fips Secure Access 6000
Juniper Fips Secure Access 6500
Juniper Gfx3600
Juniper Idp250
Juniper Idp75
Juniper Idp800
Juniper Idp8200
Juniper Infranet Controller 4000
Juniper Infranet Controller 4500
Juniper Infranet Controller 6000
Juniper Infranet Controller 6500
Juniper Jatp=400
Juniper Jatp=700
Juniper JUNOS
Juniper Junos Space Ja1500 Appliance
Juniper Junos Space Ja2500 Appliance
Juniper Ln1000
Juniper Ln2600
Juniper M10i
Juniper M120
Juniper M320
Juniper M7i
Juniper Mag2600 Gateway
Juniper Mag4610 Gateway
Juniper Mag6610 Gateway
Juniper Mag6611 Gateway
Juniper Mx
Juniper Mx10
Juniper Mx10000
Juniper Mx10003
Juniper Mx10008
Juniper Mx10016
Juniper Mx104
Juniper Mx150
Juniper Mx2008
Juniper Mx2010
Juniper Mx2020
Juniper Mx204
Juniper Mx240
Juniper Mx40
Juniper Mx480
Juniper Mx5
Juniper Mx80
Juniper Mx960
Juniper Netscreen-5200
Juniper Netscreen-5400
Juniper Netscreen-5gt
Juniper Netscreen-5gt=5.0
Juniper Netscreen-idp=3.0
Juniper Netscreen-idp=3.0r1
Juniper Netscreen-idp=3.0r2
Juniper Netscreen-idp 10
Juniper Netscreen-idp 100
Juniper Netscreen-idp 1000
Juniper Netscreen-idp 500
Juniper Nfx
Juniper Nfx150
Juniper Nfx250
Juniper Nfx350
Juniper Nsm3000
Juniper Nsmexpress
Juniper Ocx1100
Juniper Ptx1000
Juniper Ptx1000-72q
Juniper Ptx10000
Juniper Ptx10001
Juniper Ptx10001-36mr
Juniper Ptx100016
Juniper Ptx10002
Juniper Ptx10002-60c
Juniper Ptx10003
Juniper Ptx10003 160c
Juniper Ptx10003 80c
Juniper Ptx10003 81cd
Juniper Ptx10004
Juniper Ptx10008
Juniper Ptx10016
Juniper Ptx3000
Juniper Ptx5000
Juniper Qfx10000
Juniper Qfx10002
Juniper Qfx10002-32q
Juniper Qfx10002-60c
Juniper Qfx10002-72q
Juniper Qfx10008
Juniper Qfx10016
Juniper Qfx3000-g
Juniper Qfx3000-m
Juniper Qfx3008-i
Juniper Qfx3100
Juniper Qfx3500
Juniper Qfx3600
Juniper Qfx3600-i
Juniper Qfx5100
Juniper Qfx5100-96s
Juniper Qfx5110
Juniper Qfx5120
Juniper Qfx5130
Juniper Qfx5200
Juniper Qfx5200-32c
Juniper Qfx5200-48y
Juniper Qfx5210
Juniper Qfx5210-64c
Juniper Qfx5220
Juniper Router M10
Juniper Router M16
Juniper Router M20
Juniper Router M40
Juniper Router M5
Juniper Secure Access 2000
Juniper Secure Access 2500
Juniper Secure Access 4000
Juniper Secure Access 4500
Juniper Secure Access 6000
Juniper Secure Access 6500
Juniper Secure Access 700
Juniper T1600
Juniper T320
Juniper T4000
Juniper T640
Juniper Xre200
Juniper JUNOS=19.4-r3-s3
Juniper JUNOS=20.3-r1
Juniper JUNOS=20.3-r1-s1
Juniper JUNOS=20.3-r2
Juniper JUNOS=21.1-r1-s1
Juniper Srx100
Juniper Srx110
Juniper Srx1400
Juniper Srx1500
Juniper Srx210
Juniper Srx220
Juniper Srx240
Juniper Srx240h2
Juniper Srx300
Juniper Srx320
Juniper Srx340
Juniper Srx3400
Juniper Srx345
Juniper Srx3600
Juniper Srx380
Juniper Srx4000
Juniper Srx4100
Juniper Srx4200
Juniper Srx4600
Juniper Srx5000
Juniper Srx5400
Juniper Srx550
Juniper Srx550 Hm
Juniper Srx550m
Juniper Srx5600
Juniper Srx5800
Juniper Srx650

Remedy

The following software releases have been updated to resolve this specific issue. For all platforms except SRX Series: Junos OS 15.1R7-S10, 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.2R3-S2, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases. On SRX Series: Junos OS 18.4R2-S9, 18.4R3-S9, 19.4R3-S4, 20.1R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.
