CVE-2021-0247: Race Condition in Juniper Networks Junos OS

CWE-362: Race Condition | 4 documents | 4 sources
Severity: 5.5 MEDIUM (NVD), 5.1 (CNA)
EPSS: 0.2% (top 54.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22 | Latest update May 24

Description

A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is detectable by reviewing the PFE firewall rules, as well as the firewall counters and seeing if they are incrementing or not. For example:

    show firewall
    Filter: __default_bpdu_filter__
    Filter: FILTER-I

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
Exploitability: 1.3 | Impact: 3.7

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 14.1X53 | 14.1X53-D53 | +15
NVD | juniper/junos | 17 versions | +16

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-r8xp-mxfm-j25m: A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Ne
CVEList (2021-04-22): Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.

📋 Vendor Advisories (1)

Juniper (2021-04-22): CVE-2021-0247: A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Ne