CVE-2021-0289

Vulnerability Summary

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an malicious user to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions before 18.4 versions before 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions before 19.4R3-S3; 20.1 versions before 20.1R3; 20.2 versions before 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions before 20.4R3; 21.1 versions before 21.1R2; This issue does not affect Juniper Networks Junos OS versions before 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions before 18.4R2-S9, 18.4R3-S9; 19.4 versions before 19.4R3-S4; 20.1 versions before 20.1R3; 20.2 versions before 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions before 20.4R3; 21.1 versions before 21.1R2. This issue does not affect 18.4 versions before 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.

Vulnerability Trend

References