CVE-2021-0247

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 14.1X53-D53 Juniper Networks Junos OS versions 14.1R1 and later versions prior to 15.1R7-S6 Juniper Networks Junos OS versions prior to 15.1X53-D593 Juniper Networks Junos OS versions prior to 16.1R7-S7 Juniper Networks Junos OS versions prior to 16.2R2-S11, 16.2R3 Juniper Networks Junos OS versions prior to 17.1R2-S11, 17.1R3-S2 Juniper Networks Junos OS versions prior to 17.2R1-S9, 17.2R3-S3 Juniper Networks Junos OS versions prior to 17.3R2-S5, 17.3R3-S7 Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3 Juniper Networks Junos OS versions prior to 18.1R3-S9 Juniper Networks Junos OS versions prior to 18.2R2-S6, 18.2R3-S3 Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 Juniper Networks Junos OS versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2

Description: A Race Condition vulnerability in the firewall process of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue can be detected by reviewing the PFE firewall rules, as well as the firewall counters. For example, the show firewall command can be used to check the counters, and if they are not incrementing, it may indicate a problem.

Recommendations: For Juniper Networks Junos OS versions prior to 14.1X53-D53, update to version 14.1X53-D53 or later. For Juniper Networks Junos OS versions 14.1R1 and later versions prior to 15.1R7-S6, update to version 15.1R7-S6 or later. For Juniper Networks Junos OS versions prior to 15.1X53-D593, update to version 15.1X53-D593 or later. For Juniper Networks Junos OS versions prior to 16.1R7-S7, update to version 16.1R7-S7 or later. For Juniper Networks Junos OS versions prior to 16.2R2-S11, 16.2R3, update to version 16.2R2-S11, 16.2R3 or later. For Juniper Networks Junos OS versions prior to 17.1R2-S11, 17.1R3-S2, update to version 17.1R2-S11, 17.1R3-S2 or later. For Juniper Networks Junos OS versions prior to 17.2R1-S9, 17.2R3-S3, update to version 17.2R1-S9, 17.2R3-S3 or later. For Juniper Networks Junos OS versions prior to 17.3R2-S5, 17.3R3-S7, update to version 17.3R2-S5, 17.3R3-S7 or later. For Juniper Networks Junos OS versions prior to 17.4R2-S9, 17.4R3, update to version 17.4R2-S9, 17.4R3 or later. For Juniper Networks Junos OS versions prior to 18.1R3-S9, update to version 18.1R3-S9 or later. For Juniper Networks Junos OS versions prior to 18.2R2-S6, 18.2R3-S3, update to version 18.2R2-S6, 18.2R3-S3 or later. For Juniper Networks Junos OS versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, update to version 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 or later. For Juniper Networks Junos OS versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3, update to version 18.4R1-S5, 18.4R2-S3, 18.4R2-S7, 18.4R3 or later. For Juniper Networks Junos OS versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3, update to version 19.1R1-S4, 19.1R2-S1, 19.1R3 or later. For Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2, update to version 19.2R1-S3, 19.2R2 or later.