CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 91.9%

Date: May 15th, 2017
Version: 1.0
| Revision | Date | Changes |
|---|---|---|
| 1.0 | May 15th, 2017 | Initial Release |
Arista Products vulnerability report for CVE-2016-7117
In October 2016, a security advisory was released for a vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2.
Internal investigation has confirmed that Arista Network's software products EOS and Cloud Vision Portal (CVP) are not exploitable through this vulnerability.
Description:
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Triggering this issue requires the user to have precise control over how the system call is invoked, which makes it a non-issue within Arista products. However, we have opened BUG186359 and BUG188078 to address this scenario in future EOS and CVP releases, respectively.
References:
<https://vulners.com/cve/CVE-2016-7117>
<http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2>
Open a Service Request:
By telephone: 408-547-5502
866-476-0000