CVE-2021-0289 — MEDIUM (6.5)

Q: How severe is CVE-2021-0289?

CVE-2021-0289 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-0289?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Acx1000, Juniper Acx1100, Juniper Acx2000, Juniper Acx2100.

Vulnerability Description

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case the User ARP policer is replaced with default ARP policer. To review the desired ARP Policers and actual state one can run the command "show interfaces <> extensive" and review the output. See further details below. An example output is: show interfaces extensive | match policer Policer: Input: __default_arp_policer__ <<< incorrect if user ARP Policer was applied on an AE interface and the default ARP Policer is displayed Policer: Input: jtac-arp-ae5.317-inet-arp <<< correct if user ARP Policer was applied on an AE interface For all platforms, except SRX Series: This issue affects Juniper Networks Junos OS: All versions 5.6R1 and all later versions prior to 18.4 versions prior to 18.4R2-S9, 18.4R3-S9 with the exception of 15.1 versions 15.1R7-S10 and later versions; 19.4 versions prior to 19.4R3-S3; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; This issue does not affect Juniper Networks Junos OS versions prior to 5.6R1. On SRX Series this issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.4 versions prior to 19.4R3-S4; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S2; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. This issue does not affect 18.4 versions prior to 18.4R1 on SRX Series. This issue does not affect Junos OS Evolved.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	>= 5.7, < 15.1
Juniper	Acx1000	-
Juniper	Acx1100	-
Juniper	Acx2000	-
Juniper	Acx2100	-
Juniper	Acx2200	-
Juniper	Acx4000	-
Juniper	Acx500	-
Juniper	Acx5000	-
Juniper	Acx5048	-
Juniper	Acx5096	-
Juniper	Acx5400	-
Juniper	Acx5448	-
Juniper	Acx5800	-
Juniper	Acx6300	-
Juniper	Acx6360	-
Juniper	Acx710	-
Juniper	Atp400	-
Juniper	Atp700	-
Juniper	Csrx	-

Related Weaknesses (CWE)

CWE-367

References

https://kb.juniper.net/JSA11191Vendor Advisory
https://kb.juniper.net/JSA11191Vendor Advisory

FAQ

What is CVE-2021-0289?

CVE-2021-0289 is a vulnerability with a CVSS score of 6.5 (MEDIUM). When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Co...

How severe is CVE-2021-0289?

CVE-2021-0289 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-0289?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Acx1000, Juniper Acx1100, Juniper Acx2000, Juniper Acx2100.