Juniper Networks Junos OS MX10k Series TOCTOU Race Condition Vulnerability Leading to Line Card Reset

A Time-of-check Time-of-use (TOCTOU) race condition vulnerability has been identified in Juniper Networks Junos OS on MX10k Series routers. This vulnerability allows a local, low-privileged attacker to cause an LC480 or LC2101 line card to reset by repeatedly executing the 'show system firmware' command. The initial command execution collects firmware statistics, but the vulnerability arises from the timing of the command's execution, leading to a race condition that causes the line card to crash and restart. After a delay, the chassisd process may also crash and restart, creating a core dump. This issue affects all versions of Junos OS on MX10k Series, except for specific releases that have been updated to address the vulnerability.

Impact

Exploitation of this vulnerability causes the affected line card to crash and restart. Following this, the chassisd process may also crash and restart, generating a core dump.

Remediation

Users can update to Junos OS versions 21.2R3-S10, 21.4R3-S9, 22.2R3-S7, 22.4R3-S6, 23.2R2-S2, 23.4R2-S3, 24.2R2, 24.4R1, or any subsequent release. Additionally, CLI authorization can be used to limit access to the 'show system firmware' command.