CVE-2021-31382 — Race Condition in Networks Junos OS

CWE-362 — Race Condition4 documents4 sources

Severity

9.0CRITICALNVD

CNA6.5

EPSS

0.2%

top 55.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 19

Latest updateMay 24

Description

On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) and firewall process (dfwd) of Juniper Networks Junos OS, may update the device's interfaces with incorrect firewall filters. This issue only occurs when upgrading the device to an affected version of Junos OS. Interfaces intended to have protections may have no protections assigned to them. Interfaces with one type of protection pattern may have al…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os17.2R1 — 17.2*+24

▶NVDjuniper/junos22 versions+21

🔴Vulnerability Details

GHSA

GHSA-m32x-7537-hv5q: On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) a↗2022-05-24

▶

CVEList

Junos OS: PTX1000 System, PTX10002-60C System: After upgrading, configured firewall filters may be applied on incorrect interfaces↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31382: On PTX1000 System, PTX10002-60C System, after upgrading to an affected release, a Race Condition vulnerability between the chassis daemon (chassisd) a↗2021-10-19

▶