Juniper Junos OS: 2021-07 Security Bulletin: Junos OS: User-defined ARP Policer isn't applied on Aggregated Ethernet (AE) interface until firewall process is restarted (JSA11191) (CVE-2021-0289)
Description
When a user-defined ARP policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) race condition between the Device Control Daemon (DCD) and the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the user-defined ARP policer. In this case, the user-defined ARP policer is replaced with the default ARP policer.
Solution(s)
juniper-junos-os-upgrade-latest
References
https://attackerkb.com/topics/cve-2021-0289
CVE - 2021-0289
JSA11191