CVE-2021-0289

Published: Jul 15, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.

Affected (68)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

6 vulnerable · 207 platform

Vulnerable Software	Affected Versions
Juniper Junos	From 15.2 to 18.4
Juniper Junos	From 5.7 to 15.1
Juniper Junos	Version 20.4 r2-s1
Juniper Junos	Version 20.4 r2
Juniper Junos	Version 21.1 r1
Juniper Junos	Version 5.6 r1

Running on/with	Platform Versions
Juniper Acx1000	All versions
Juniper Acx1100	All versions
Juniper Acx2000	All versions
Juniper Acx2100	All versions
Juniper Acx2200	All versions
Juniper Acx4000	All versions
Juniper Acx500	All versions
Juniper Acx5000	All versions
Juniper Acx5048	All versions
Juniper Acx5096	All versions
Juniper Acx5400	All versions
Juniper Acx5448	All versions
Juniper Acx5800	All versions
Juniper Acx6300	All versions
Juniper Acx6360	All versions
Juniper Acx710	All versions
Juniper Atp400	All versions
Juniper Atp700	All versions
Juniper Csrx	All versions
Juniper Ctp150	All versions
Juniper Ctp2008	All versions
Juniper Ctp2024	All versions
Juniper Ctp2056	All versions
Juniper Dx	All versions
Juniper Dx	Version 5.1
Juniper Ex2200	All versions
Juniper Ex2200 C	All versions
Juniper Ex2200 Vc	All versions
Juniper Ex2300	All versions
Juniper Ex2300 C	All versions
Juniper Ex2300m	All versions
Juniper Ex3200	All versions
Juniper Ex3300	All versions
Juniper Ex3300 Vc	All versions
Juniper Ex3400	All versions
Juniper Ex4200	All versions
Juniper Ex4200 Vc	All versions
Juniper Ex4300	All versions
Juniper Ex4300 24p	All versions
Juniper Ex4300 24p S	All versions
Juniper Ex4300 24t	All versions
Juniper Ex4300 24t S	All versions
Juniper Ex4300 32f	All versions
Juniper Ex4300 32f Dc	All versions
Juniper Ex4300 32f S	All versions
Juniper Ex4300 48mp	All versions
Juniper Ex4300 48mp S	All versions
Juniper Ex4300 48p	All versions
Juniper Ex4300 48p S	All versions
Juniper Ex4300 48t	All versions
Juniper Ex4300 48t Afi	All versions
Juniper Ex4300 48t Dc	All versions
Juniper Ex4300 48t Dc Afi	All versions
Juniper Ex4300 48t S	All versions
Juniper Ex4300 48tafi	All versions
Juniper Ex4300 48tdc	All versions
Juniper Ex4300 48tdc Afi	All versions
Juniper Ex4300 Mp	All versions
Juniper Ex4300 Vc	All versions
Juniper Ex4300m	All versions
Juniper Ex4400	All versions
Juniper Ex4500	All versions
Juniper Ex4500 Vc	All versions
Juniper Ex4550	All versions
Juniper Ex4550 Vc	All versions
Juniper Ex4550/vc	All versions
Juniper Ex4600	All versions
Juniper Ex4600 Vc	All versions
Juniper Ex4650	All versions
Juniper Ex6200	All versions
Juniper Ex6210	All versions
Juniper Ex8200	All versions
Juniper Ex8200 Vc	All versions
Juniper Ex8208	All versions
Juniper Ex8216	All versions
Juniper Ex9200	All versions
Juniper Ex9204	All versions
Juniper Ex9208	All versions
Juniper Ex9214	All versions
Juniper Ex9250	All versions
Juniper Ex9251	All versions
Juniper Ex9253	All versions
Juniper Ex Rps	All versions
Juniper Fips Infranet Controller 6500	All versions
Juniper Fips Secure Access 4000	All versions
Juniper Fips Secure Access 4500	All versions
Juniper Fips Secure Access 6000	All versions
Juniper Fips Secure Access 6500	All versions
Juniper Gfx3600	All versions
Juniper Idp250	All versions
Juniper Idp75	All versions
Juniper Idp800	All versions
Juniper Idp8200	All versions
Juniper Infranet Controller 4000	All versions
Juniper Infranet Controller 4500	All versions
Juniper Infranet Controller 6000	All versions
Juniper Infranet Controller 6500	All versions
Juniper Jatp	Version 400
Juniper Jatp	Version 700
Juniper Junos	All versions
Juniper Junos Space Ja1500 Appliance	All versions
Juniper Junos Space Ja2500 Appliance	All versions
Juniper Ln1000	All versions
Juniper Ln2600	All versions
Juniper M10i	All versions
Juniper M120	All versions
Juniper M320	All versions
Juniper M7i	All versions
Juniper Mag2600 Gateway	All versions
Juniper Mag4610 Gateway	All versions
Juniper Mag6610 Gateway	All versions
Juniper Mag6611 Gateway	All versions
Juniper Mx	All versions
Juniper Mx10	All versions
Juniper Mx10000	All versions
Juniper Mx10003	All versions
Juniper Mx10008	All versions
Juniper Mx10016	All versions
Juniper Mx104	All versions
Juniper Mx150	All versions
Juniper Mx2008	All versions
Juniper Mx2010	All versions
Juniper Mx2020	All versions
Juniper Mx204	All versions
Juniper Mx240	All versions
Juniper Mx40	All versions
Juniper Mx480	All versions
Juniper Mx5	All versions
Juniper Mx80	All versions
Juniper Mx960	All versions
Juniper Netscreen 5200	All versions
Juniper Netscreen 5400	All versions
Juniper Netscreen 5gt	All versions
Juniper Netscreen 5gt	Version 5.0
Juniper Netscreen Idp	Version 3.0
Juniper Netscreen Idp	Version 3.0r1
Juniper Netscreen Idp	Version 3.0r2
Juniper Netscreen Idp 10	All versions
Juniper Netscreen Idp 100	All versions
Juniper Netscreen Idp 1000	All versions
Juniper Netscreen Idp 500	All versions
Juniper Nfx	All versions
Juniper Nfx150	All versions
Juniper Nfx250	All versions
Juniper Nfx350	All versions
Juniper Nsm3000	All versions
Juniper Nsmexpress	All versions
Juniper Ocx1100	All versions
Juniper Ptx1000	All versions
Juniper Ptx1000 72q	All versions
Juniper Ptx10000	All versions
Juniper Ptx10001	All versions
Juniper Ptx10001 36mr	All versions
Juniper Ptx100016	All versions
Juniper Ptx10002	All versions
Juniper Ptx10002 60c	All versions
Juniper Ptx10003	All versions
Juniper Ptx10003 160c	All versions
Juniper Ptx10003 80c	All versions
Juniper Ptx10003 81cd	All versions
Juniper Ptx10004	All versions
Juniper Ptx10008	All versions
Juniper Ptx10016	All versions
Juniper Ptx3000	All versions
Juniper Ptx5000	All versions
Juniper Qfx10000	All versions
Juniper Qfx10002	All versions
Juniper Qfx10002 32q	All versions
Juniper Qfx10002 60c	All versions
Juniper Qfx10002 72q	All versions
Juniper Qfx10008	All versions
Juniper Qfx10016	All versions
Juniper Qfx3000 G	All versions
Juniper Qfx3000 M	All versions
Juniper Qfx3008 I	All versions
Juniper Qfx3100	All versions
Juniper Qfx3500	All versions
Juniper Qfx3600	All versions
Juniper Qfx3600 I	All versions
Juniper Qfx5100	All versions
Juniper Qfx5100 96s	All versions
Juniper Qfx5110	All versions
Juniper Qfx5120	All versions
Juniper Qfx5130	All versions
Juniper Qfx5200	All versions
Juniper Qfx5200 32c	All versions
Juniper Qfx5200 48y	All versions
Juniper Qfx5210	All versions
Juniper Qfx5210 64c	All versions
Juniper Qfx5220	All versions
Juniper Router M10	All versions
Juniper Router M16	All versions
Juniper Router M20	All versions
Juniper Router M40	All versions
Juniper Router M5	All versions
Juniper Secure Access 2000	All versions
Juniper Secure Access 2500	All versions
Juniper Secure Access 4000	All versions
Juniper Secure Access 4500	All versions
Juniper Secure Access 6000	All versions
Juniper Secure Access 6500	All versions
Juniper Secure Access 700	All versions
Juniper T1600	All versions
Juniper T320	All versions
Juniper T4000	All versions
Juniper T640	All versions
Juniper Xre200	All versions

Configuration B

62 vulnerable · 27 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 18.4
Juniper Junos	Version 18.4 r1-s1
Juniper Junos	Version 18.4 r1-s2
Juniper Junos	Version 18.4 r1-s3
Juniper Junos	Version 18.4 r1-s4
Juniper Junos	Version 18.4 r1-s5
Juniper Junos	Version 18.4 r1-s6
Juniper Junos	Version 18.4 r1-s7
Juniper Junos	Version 18.4 r1
Juniper Junos	Version 18.4 r2-s1
Juniper Junos	Version 18.4 r2-s2
Juniper Junos	Version 18.4 r2-s3
Juniper Junos	Version 18.4 r2-s4
Juniper Junos	Version 18.4 r2-s5
Juniper Junos	Version 18.4 r2-s6
Juniper Junos	Version 18.4 r2-s7
Juniper Junos	Version 18.4 r2-s8
Juniper Junos	Version 18.4 r2
Juniper Junos	Version 18.4 r3-s1
Juniper Junos	Version 18.4 r3-s2
Juniper Junos	Version 18.4 r3-s3
Juniper Junos	Version 18.4 r3-s4
Juniper Junos	Version 18.4 r3-s5
Juniper Junos	Version 18.4 r3-s6
Juniper Junos	Version 18.4 r3-s7
Juniper Junos	Version 18.4 r3-s8
Juniper Junos	Version 18.4 r3
Juniper Junos	Version 19.4 r1-s1
Juniper Junos	Version 19.4 r1-s2
Juniper Junos	Version 19.4 r1-s3
Juniper Junos	Version 19.4 r1
Juniper Junos	Version 19.4 r2-s1
Juniper Junos	Version 19.4 r2-s2
Juniper Junos	Version 19.4 r2-s3
Juniper Junos	Version 19.4 r2
Juniper Junos	Version 19.4 r3-s1
Juniper Junos	Version 19.4 r3-s2
Juniper Junos	Version 19.4 r3-s3
Juniper Junos	Version 19.4 r3
Juniper Junos	Version 20.1 r1-s1
Juniper Junos	Version 20.1 r1-s2
Juniper Junos	Version 20.1 r1-s3
Juniper Junos	Version 20.1 r1-s4
Juniper Junos	Version 20.1 r1
Juniper Junos	Version 20.1 r2-s1
Juniper Junos	Version 20.1 r2
Juniper Junos	Version 20.2 r1-s1
Juniper Junos	Version 20.2 r1-s2
Juniper Junos	Version 20.2 r1-s3
Juniper Junos	Version 20.2 r1
Juniper Junos	Version 20.2 r2-s1
Juniper Junos	Version 20.2 r2-s2
Juniper Junos	Version 20.2 r2-s3
Juniper Junos	Version 20.2 r2
Juniper Junos	Version 20.2 r3-s1
Juniper Junos	Version 20.2 r3
Juniper Junos	Version 20.3 r1-s1
Juniper Junos	Version 20.3 r1
Juniper Junos	Version 20.3 r2
Juniper Junos	Version 20.4 r1-s1
Juniper Junos	Version 20.4 r1
Juniper Junos	Version 21.1 r1-s1

Running on/with	Platform Versions
Juniper Srx100	All versions
Juniper Srx110	All versions
Juniper Srx1400	All versions
Juniper Srx1500	All versions
Juniper Srx210	All versions
Juniper Srx220	All versions
Juniper Srx240	All versions
Juniper Srx240h2	All versions
Juniper Srx300	All versions
Juniper Srx320	All versions
Juniper Srx340	All versions
Juniper Srx3400	All versions
Juniper Srx345	All versions
Juniper Srx3600	All versions
Juniper Srx380	All versions
Juniper Srx4000	All versions
Juniper Srx4100	All versions
Juniper Srx4200	All versions
Juniper Srx4600	All versions
Juniper Srx5000	All versions
Juniper Srx5400	All versions
Juniper Srx550	All versions
Juniper Srx550 Hm	All versions
Juniper Srx550m	All versions
Juniper Srx5600	All versions
Juniper Srx5800	All versions
Juniper Srx650	All versions

Related CWEs

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (2)

https://kb.juniper.net/JSA11191

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11191

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.