PT-2021-19279 · Juniper Networks · Junos

Published 2021-10-19 · Updated 2021-10-27 · CVE-2021-31382

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on PTX1000 System versions 17.2R1 through 20.4R2
Juniper Networks Junos OS on PTX10002-60C System versions 18.2R1 through 21.3R2

Description

A Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them, and interfaces with one type of protection pattern may have alternate protections assigned to them. These firewall rule misassignments may allow genuine traffic intended to be stopped at the interface to propagate further, potentially causing disruptions in services by propagating unwanted traffic. An attacker may be able to take advantage of these misassignments. This issue impacts all filter families (inet, inet6, etc.) and all loopback filters, affecting both logical and physical interfaces.

Recommendations

For Juniper Networks Junos OS on PTX1000 System versions 17.2R1 through 20.4R2, update to a version later than 20.4R2. For Juniper Networks Junos OS on PTX10002-60C System versions 18.2R1 through 21.3R2, update to a version later than 21.3R2. As a temporary workaround, consider restricting access to the vulnerable chassisd and dfwd processes until a patch is available.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2021-31382

Affected Products

Junos