Monday, July 19, 2021

Juniper Junos OS: 2021-07 Security Bulletin: Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (JSA11191) (CVE-2021-0289)

Description
When a user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device Control Daemon (DCD) and firewall process (dfwd) daemons of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP Policer. In this particular case, the user ARP policer is replaced with the default ARP policer.
Solution(s)
  • juniper-junos-os-upgrade-latest


References
  • https://attackerkb.com/topics/cve-2021-0289
  • CVE-2021-0289
  • JSA11191





    Copyright © 2020 Cyber Details - Vulnerability Database™
