CVE-2021-0225

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 19.1R1-EVO through 20.3R1-S1-EVO Juniper Networks Junos OS Evolved version 20.3R2-EVO

Description: The issue is caused by an improper check for unusual or exceptional conditions, which may prevent the stateless firewall filter configuration from taking effect when using the action 'policer' in certain combinations with other options. An administrator can identify failures with filter configuration using the CLI command show log kfirewall-agent.log | match ERROR, which may display an error message indicating that the filter is not supported.

Recommendations: For Juniper Networks Junos OS Evolved versions 19.1R1-EVO through 20.3R1-S1-EVO, update to version 20.3R1-S2-EVO or later. For Juniper Networks Junos OS Evolved version 20.3R2-EVO, update to a version that includes the fix for this issue. As a temporary workaround, consider reviewing and adjusting the stateless firewall filter configuration to avoid using the action 'policer' in combinations that may cause the issue.