Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0289

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.

Published

2021-07-15T20:15:10.563

Last Modified

2024-11-21T05:42:24.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:N/I:N/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

5.5

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-367
Type: Primary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 15.1	Yes
Operating System	juniper	junos	< 18.4	Yes
Operating System	juniper	junos	5.6	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.1	Yes
Hardware	juniper	acx1000	-	No
Hardware	juniper	acx1100	-	No
Hardware	juniper	acx2000	-	No
Hardware	juniper	acx2100	-	No
Hardware	juniper	acx2200	-	No
Hardware	juniper	acx4000	-	No
Hardware	juniper	acx500	-	No
Hardware	juniper	acx5000	-	No
Hardware	juniper	acx5048	-	No
Hardware	juniper	acx5096	-	No
Hardware	juniper	acx5400	-	No
Hardware	juniper	acx5448	-	No
Hardware	juniper	acx5800	-	No
Hardware	juniper	acx6300	-	No
Hardware	juniper	acx6360	-	No
Hardware	juniper	acx710	-	No
Hardware	juniper	atp400	-	No
Hardware	juniper	atp700	-	No
Hardware	juniper	csrx	-	No
Hardware	juniper	ctp150	-	No
Hardware	juniper	ctp2008	-	No
Hardware	juniper	ctp2024	-	No
Hardware	juniper	ctp2056	-	No
Hardware	juniper	dx	-	No
Hardware	juniper	dx	5.1	No
Hardware	juniper	ex_rps	-	No
Hardware	juniper	ex2200	-	No
Hardware	juniper	ex2200-c	-	No
Hardware	juniper	ex2200-vc	-	No
Hardware	juniper	ex2300	-	No
Hardware	juniper	ex2300-c	-	No
Hardware	juniper	ex2300m	-	No
Hardware	juniper	ex3200	-	No
Hardware	juniper	ex3300	-	No
Hardware	juniper	ex3300-vc	-	No
Hardware	juniper	ex3400	-	No
Hardware	juniper	ex4200	-	No
Hardware	juniper	ex4200-vc	-	No
Hardware	juniper	ex4300	-	No
Hardware	juniper	ex4300-24p	-	No
Hardware	juniper	ex4300-24p-s	-	No
Hardware	juniper	ex4300-24t	-	No
Hardware	juniper	ex4300-24t-s	-	No
Hardware	juniper	ex4300-32f	-	No
Hardware	juniper	ex4300-32f-dc	-	No
Hardware	juniper	ex4300-32f-s	-	No
Hardware	juniper	ex4300-48mp	-	No
Hardware	juniper	ex4300-48mp-s	-	No
Hardware	juniper	ex4300-48p	-	No
Hardware	juniper	ex4300-48p-s	-	No
Hardware	juniper	ex4300-48t	-	No
Hardware	juniper	ex4300-48t-afi	-	No
Hardware	juniper	ex4300-48t-dc	-	No
Hardware	juniper	ex4300-48t-dc-afi	-	No
Hardware	juniper	ex4300-48t-s	-	No
Hardware	juniper	ex4300-48tafi	-	No
Hardware	juniper	ex4300-48tdc	-	No
Hardware	juniper	ex4300-48tdc-afi	-	No
Hardware	juniper	ex4300-mp	-	No
Hardware	juniper	ex4300-vc	-	No
Hardware	juniper	ex4300m	-	No
Hardware	juniper	ex4400	-	No
Hardware	juniper	ex4500	-	No
Hardware	juniper	ex4500-vc	-	No
Hardware	juniper	ex4550	-	No
Hardware	juniper	ex4550-vc	-	No
Hardware	juniper	ex4550\/vc	-	No
Hardware	juniper	ex4600	-	No
Hardware	juniper	ex4600-vc	-	No
Hardware	juniper	ex4650	-	No
Hardware	juniper	ex6200	-	No
Hardware	juniper	ex6210	-	No
Hardware	juniper	ex8200	-	No
Hardware	juniper	ex8200-vc	-	No
Hardware	juniper	ex8208	-	No
Hardware	juniper	ex8216	-	No
Hardware	juniper	ex9200	-	No
Hardware	juniper	ex9204	-	No
Hardware	juniper	ex9208	-	No
Hardware	juniper	ex9214	-	No
Hardware	juniper	ex9250	-	No
Hardware	juniper	ex9251	-	No
Hardware	juniper	ex9253	-	No
Hardware	juniper	fips_infranet_controller_6500	-	No
Hardware	juniper	fips_secure_access_4000	-	No
Hardware	juniper	fips_secure_access_4500	-	No
Hardware	juniper	fips_secure_access_6000	-	No
Hardware	juniper	fips_secure_access_6500	-	No
Hardware	juniper	gfx3600	-	No
Hardware	juniper	idp250	-	No
Hardware	juniper	idp75	-	No
Hardware	juniper	idp800	-	No
Hardware	juniper	idp8200	-	No
Hardware	juniper	infranet_controller_4000	-	No
Hardware	juniper	infranet_controller_4500	-	No
Hardware	juniper	infranet_controller_6000	-	No
Hardware	juniper	infranet_controller_6500	-	No
Hardware	juniper	jatp	400	No
Hardware	juniper	jatp	700	No
Hardware	juniper	junos	-	No
Hardware	juniper	junos_space_ja1500_appliance	-	No
Hardware	juniper	junos_space_ja2500_appliance	-	No
Hardware	juniper	ln1000	-	No
Hardware	juniper	ln2600	-	No
Hardware	juniper	m10i	-	No
Hardware	juniper	m120	-	No
Hardware	juniper	m320	-	No
Hardware	juniper	m7i	-	No
Hardware	juniper	mag2600_gateway	-	No
Hardware	juniper	mag4610_gateway	-	No
Hardware	juniper	mag6610_gateway	-	No
Hardware	juniper	mag6611_gateway	-	No
Hardware	juniper	mx	-	No
Hardware	juniper	mx10	-	No
Hardware	juniper	mx10000	-	No
Hardware	juniper	mx10003	-	No
Hardware	juniper	mx10008	-	No
Hardware	juniper	mx10016	-	No
Hardware	juniper	mx104	-	No
Hardware	juniper	mx150	-	No
Hardware	juniper	mx2008	-	No
Hardware	juniper	mx2010	-	No
Hardware	juniper	mx2020	-	No
Hardware	juniper	mx204	-	No
Hardware	juniper	mx240	-	No
Hardware	juniper	mx40	-	No
Hardware	juniper	mx480	-	No
Hardware	juniper	mx5	-	No
Hardware	juniper	mx80	-	No
Hardware	juniper	mx960	-	No
Hardware	juniper	netscreen-5200	-	No
Hardware	juniper	netscreen-5400	-	No
Hardware	juniper	netscreen-5gt	-	No
Hardware	juniper	netscreen-5gt	5.0	No
Hardware	juniper	netscreen-idp	3.0	No
Hardware	juniper	netscreen-idp	3.0r1	No
Hardware	juniper	netscreen-idp	3.0r2	No
Hardware	juniper	netscreen-idp_10	-	No
Hardware	juniper	netscreen-idp_100	-	No
Hardware	juniper	netscreen-idp_1000	-	No
Hardware	juniper	netscreen-idp_500	-	No
Hardware	juniper	nfx	-	No
Hardware	juniper	nfx150	-	No
Hardware	juniper	nfx250	-	No
Hardware	juniper	nfx350	-	No
Hardware	juniper	nsm3000	-	No
Hardware	juniper	nsmexpress	-	No
Hardware	juniper	ocx1100	-	No
Hardware	juniper	ptx1000	-	No
Hardware	juniper	ptx1000-72q	-	No
Hardware	juniper	ptx10000	-	No
Hardware	juniper	ptx10001	-	No
Hardware	juniper	ptx10001-36mr	-	No
Hardware	juniper	ptx100016	-	No
Hardware	juniper	ptx10002	-	No
Hardware	juniper	ptx10002-60c	-	No
Hardware	juniper	ptx10003	-	No
Hardware	juniper	ptx10003_160c	-	No
Hardware	juniper	ptx10003_80c	-	No
Hardware	juniper	ptx10003_81cd	-	No
Hardware	juniper	ptx10004	-	No
Hardware	juniper	ptx10008	-	No
Hardware	juniper	ptx10016	-	No
Hardware	juniper	ptx3000	-	No
Hardware	juniper	ptx5000	-	No
Hardware	juniper	qfx10000	-	No
Hardware	juniper	qfx10002	-	No
Hardware	juniper	qfx10002-32q	-	No
Hardware	juniper	qfx10002-60c	-	No
Hardware	juniper	qfx10002-72q	-	No
Hardware	juniper	qfx10008	-	No
Hardware	juniper	qfx10016	-	No
Hardware	juniper	qfx3000-g	-	No
Hardware	juniper	qfx3000-m	-	No
Hardware	juniper	qfx3008-i	-	No
Hardware	juniper	qfx3100	-	No
Hardware	juniper	qfx3500	-	No
Hardware	juniper	qfx3600	-	No
Hardware	juniper	qfx3600-i	-	No
Hardware	juniper	qfx5100	-	No
Hardware	juniper	qfx5100-96s	-	No
Hardware	juniper	qfx5110	-	No
Hardware	juniper	qfx5120	-	No
Hardware	juniper	qfx5130	-	No
Hardware	juniper	qfx5200	-	No
Hardware	juniper	qfx5200-32c	-	No
Hardware	juniper	qfx5200-48y	-	No
Hardware	juniper	qfx5210	-	No
Hardware	juniper	qfx5210-64c	-	No
Hardware	juniper	qfx5220	-	No
Hardware	juniper	router_m10	-	No
Hardware	juniper	router_m16	-	No
Hardware	juniper	router_m20	-	No
Hardware	juniper	router_m40	-	No
Hardware	juniper	router_m5	-	No
Hardware	juniper	secure_access_2000	-	No
Hardware	juniper	secure_access_2500	-	No
Hardware	juniper	secure_access_4000	-	No
Hardware	juniper	secure_access_4500	-	No
Hardware	juniper	secure_access_6000	-	No
Hardware	juniper	secure_access_6500	-	No
Hardware	juniper	secure_access_700	-	No
Hardware	juniper	t1600	-	No
Hardware	juniper	t320	-	No
Hardware	juniper	t4000	-	No
Hardware	juniper	t640	-	No
Hardware	juniper	xre200	-	No
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	19.4	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.1	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.2	Yes
Operating System	juniper	junos	20.3	Yes
Operating System	juniper	junos	20.3	Yes
Operating System	juniper	junos	20.3	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.1	Yes
Hardware	juniper	srx100	-	No
Hardware	juniper	srx110	-	No
Hardware	juniper	srx1400	-	No
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx210	-	No
Hardware	juniper	srx220	-	No
Hardware	juniper	srx240	-	No
Hardware	juniper	srx240h2	-	No
Hardware	juniper	srx300	-	No
Hardware	juniper	srx320	-	No
Hardware	juniper	srx340	-	No
Hardware	juniper	srx3400	-	No
Hardware	juniper	srx345	-	No
Hardware	juniper	srx3600	-	No
Hardware	juniper	srx380	-	No
Hardware	juniper	srx4000	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx5000	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx550	-	No
Hardware	juniper	srx550_hm	-	No
Hardware	juniper	srx550m	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No
Hardware	juniper	srx650	-	No

References

https://kb.juniper.net/JSA11191 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA11191 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)