Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0289

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.5, indicating it requires adjacent network access with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 229 products from juniper, from juniper, from juniper and 226 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-07-15T20:15:10.563

Last Modified

2024-11-21T05:42:24.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

5.5

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-367
  • Type: Primary
    CWE-367
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System juniper junos < 15.1 Yes
Operating System juniper junos < 18.4 Yes
Operating System juniper junos 5.6 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 21.1 Yes
Hardware juniper acx1000 - No
Hardware juniper acx1100 - No
Hardware juniper acx2000 - No
Hardware juniper acx2100 - No
Hardware juniper acx2200 - No
Hardware juniper acx4000 - No
Hardware juniper acx500 - No
Hardware juniper acx5000 - No
Hardware juniper acx5048 - No
Hardware juniper acx5096 - No
Hardware juniper acx5400 - No
Hardware juniper acx5448 - No
Hardware juniper acx5800 - No
Hardware juniper acx6300 - No
Hardware juniper acx6360 - No
Hardware juniper acx710 - No
Hardware juniper atp400 - No
Hardware juniper atp700 - No
Hardware juniper csrx - No
Hardware juniper ctp150 - No
Hardware juniper ctp2008 - No
Hardware juniper ctp2024 - No
Hardware juniper ctp2056 - No
Hardware juniper dx - No
Hardware juniper dx 5.1 No
Hardware juniper ex_rps - No
Hardware juniper ex2200 - No
Hardware juniper ex2200-c - No
Hardware juniper ex2200-vc - No
Hardware juniper ex2300 - No
Hardware juniper ex2300-c - No
Hardware juniper ex2300m - No
Hardware juniper ex3200 - No
Hardware juniper ex3300 - No
Hardware juniper ex3300-vc - No
Hardware juniper ex3400 - No
Hardware juniper ex4200 - No
Hardware juniper ex4200-vc - No
Hardware juniper ex4300 - No
Hardware juniper ex4300-24p - No
Hardware juniper ex4300-24p-s - No
Hardware juniper ex4300-24t - No
Hardware juniper ex4300-24t-s - No
Hardware juniper ex4300-32f - No
Hardware juniper ex4300-32f-dc - No
Hardware juniper ex4300-32f-s - No
Hardware juniper ex4300-48mp - No
Hardware juniper ex4300-48mp-s - No
Hardware juniper ex4300-48p - No
Hardware juniper ex4300-48p-s - No
Hardware juniper ex4300-48t - No
Hardware juniper ex4300-48t-afi - No
Hardware juniper ex4300-48t-dc - No
Hardware juniper ex4300-48t-dc-afi - No
Hardware juniper ex4300-48t-s - No
Hardware juniper ex4300-48tafi - No
Hardware juniper ex4300-48tdc - No
Hardware juniper ex4300-48tdc-afi - No
Hardware juniper ex4300-mp - No
Hardware juniper ex4300-vc - No
Hardware juniper ex4300m - No
Hardware juniper ex4400 - No
Hardware juniper ex4500 - No
Hardware juniper ex4500-vc - No
Hardware juniper ex4550 - No
Hardware juniper ex4550-vc - No
Hardware juniper ex4550\/vc - No
Hardware juniper ex4600 - No
Hardware juniper ex4600-vc - No
Hardware juniper ex4650 - No
Hardware juniper ex6200 - No
Hardware juniper ex6210 - No
Hardware juniper ex8200 - No
Hardware juniper ex8200-vc - No
Hardware juniper ex8208 - No
Hardware juniper ex8216 - No
Hardware juniper ex9200 - No
Hardware juniper ex9204 - No
Hardware juniper ex9208 - No
Hardware juniper ex9214 - No
Hardware juniper ex9250 - No
Hardware juniper ex9251 - No
Hardware juniper ex9253 - No
Hardware juniper fips_infranet_controller_6500 - No
Hardware juniper fips_secure_access_4000 - No
Hardware juniper fips_secure_access_4500 - No
Hardware juniper fips_secure_access_6000 - No
Hardware juniper fips_secure_access_6500 - No
Hardware juniper gfx3600 - No
Hardware juniper idp250 - No
Hardware juniper idp75 - No
Hardware juniper idp800 - No
Hardware juniper idp8200 - No
Hardware juniper infranet_controller_4000 - No
Hardware juniper infranet_controller_4500 - No
Hardware juniper infranet_controller_6000 - No
Hardware juniper infranet_controller_6500 - No
Hardware juniper jatp 400 No
Hardware juniper jatp 700 No
Hardware juniper junos - No
Hardware juniper junos_space_ja1500_appliance - No
Hardware juniper junos_space_ja2500_appliance - No
Hardware juniper ln1000 - No
Hardware juniper ln2600 - No
Hardware juniper m10i - No
Hardware juniper m120 - No
Hardware juniper m320 - No
Hardware juniper m7i - No
Hardware juniper mag2600_gateway - No
Hardware juniper mag4610_gateway - No
Hardware juniper mag6610_gateway - No
Hardware juniper mag6611_gateway - No
Hardware juniper mx - No
Hardware juniper mx10 - No
Hardware juniper mx10000 - No
Hardware juniper mx10003 - No
Hardware juniper mx10008 - No
Hardware juniper mx10016 - No
Hardware juniper mx104 - No
Hardware juniper mx150 - No
Hardware juniper mx2008 - No
Hardware juniper mx2010 - No
Hardware juniper mx2020 - No
Hardware juniper mx204 - No
Hardware juniper mx240 - No
Hardware juniper mx40 - No
Hardware juniper mx480 - No
Hardware juniper mx5 - No
Hardware juniper mx80 - No
Hardware juniper mx960 - No
Hardware juniper netscreen-5200 - No
Hardware juniper netscreen-5400 - No
Hardware juniper netscreen-5gt - No
Hardware juniper netscreen-5gt 5.0 No
Hardware juniper netscreen-idp 3.0 No
Hardware juniper netscreen-idp 3.0r1 No
Hardware juniper netscreen-idp 3.0r2 No
Hardware juniper netscreen-idp_10 - No
Hardware juniper netscreen-idp_100 - No
Hardware juniper netscreen-idp_1000 - No
Hardware juniper netscreen-idp_500 - No
Hardware juniper nfx - No
Hardware juniper nfx150 - No
Hardware juniper nfx250 - No
Hardware juniper nfx350 - No
Hardware juniper nsm3000 - No
Hardware juniper nsmexpress - No
Hardware juniper ocx1100 - No
Hardware juniper ptx1000 - No
Hardware juniper ptx1000-72q - No
Hardware juniper ptx10000 - No
Hardware juniper ptx10001 - No
Hardware juniper ptx10001-36mr - No
Hardware juniper ptx100016 - No
Hardware juniper ptx10002 - No
Hardware juniper ptx10002-60c - No
Hardware juniper ptx10003 - No
Hardware juniper ptx10003_160c - No
Hardware juniper ptx10003_80c - No
Hardware juniper ptx10003_81cd - No
Hardware juniper ptx10004 - No
Hardware juniper ptx10008 - No
Hardware juniper ptx10016 - No
Hardware juniper ptx3000 - No
Hardware juniper ptx5000 - No
Hardware juniper qfx10000 - No
Hardware juniper qfx10002 - No
Hardware juniper qfx10002-32q - No
Hardware juniper qfx10002-60c - No
Hardware juniper qfx10002-72q - No
Hardware juniper qfx10008 - No
Hardware juniper qfx10016 - No
Hardware juniper qfx3000-g - No
Hardware juniper qfx3000-m - No
Hardware juniper qfx3008-i - No
Hardware juniper qfx3100 - No
Hardware juniper qfx3500 - No
Hardware juniper qfx3600 - No
Hardware juniper qfx3600-i - No
Hardware juniper qfx5100 - No
Hardware juniper qfx5100-96s - No
Hardware juniper qfx5110 - No
Hardware juniper qfx5120 - No
Hardware juniper qfx5130 - No
Hardware juniper qfx5200 - No
Hardware juniper qfx5200-32c - No
Hardware juniper qfx5200-48y - No
Hardware juniper qfx5210 - No
Hardware juniper qfx5210-64c - No
Hardware juniper qfx5220 - No
Hardware juniper router_m10 - No
Hardware juniper router_m16 - No
Hardware juniper router_m20 - No
Hardware juniper router_m40 - No
Hardware juniper router_m5 - No
Hardware juniper secure_access_2000 - No
Hardware juniper secure_access_2500 - No
Hardware juniper secure_access_4000 - No
Hardware juniper secure_access_4500 - No
Hardware juniper secure_access_6000 - No
Hardware juniper secure_access_6500 - No
Hardware juniper secure_access_700 - No
Hardware juniper t1600 - No
Hardware juniper t320 - No
Hardware juniper t4000 - No
Hardware juniper t640 - No
Hardware juniper xre200 - No
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 18.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 19.4 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.1 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.2 Yes
Operating System juniper junos 20.3 Yes
Operating System juniper junos 20.3 Yes
Operating System juniper junos 20.3 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 20.4 Yes
Operating System juniper junos 21.1 Yes
Hardware juniper srx100 - No
Hardware juniper srx110 - No
Hardware juniper srx1400 - No
Hardware juniper srx1500 - No
Hardware juniper srx210 - No
Hardware juniper srx220 - No
Hardware juniper srx240 - No
Hardware juniper srx240h2 - No
Hardware juniper srx300 - No
Hardware juniper srx320 - No
Hardware juniper srx340 - No
Hardware juniper srx3400 - No
Hardware juniper srx345 - No
Hardware juniper srx3600 - No
Hardware juniper srx380 - No
Hardware juniper srx4000 - No
Hardware juniper srx4100 - No
Hardware juniper srx4200 - No
Hardware juniper srx4600 - No
Hardware juniper srx5000 - No
Hardware juniper srx5400 - No
Hardware juniper srx550 - No
Hardware juniper srx550_hm - No
Hardware juniper srx550m - No
Hardware juniper srx5600 - No
Hardware juniper srx5800 - No
Hardware juniper srx650 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For juniper's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.