CVSS2: AV:N/AC:M/Au:N/C:N/I:N/A:P (Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: PARTIAL)
CVSS3: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (Attack Vector: NETWORK; Attack Complexity: HIGH; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: HIGH)
EPSS Percentile: 45.6%
| Revision | Date | Changes |
|---|---|---|
| 1.0 | October 9th, 2019 | Initial Release |
The CVE-IDs tracking this issue are CVE-2019-14810.
CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
This advisory documents a security vulnerability that was identified internally by Arista Networks. Arista has not received evidence of this vulnerability being exploited as of the date of this update. The vulnerability is in the implementation of the Label Distribution Protocol (LDP) in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer, potentially allowing a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions are listed below. Other Arista software products, such as CloudVision (including on-premises and cloud-based wireless services), Access Points, and 7130 MOS software, are not affected.
Establishing an LDP session with a malicious peer can result in the LDP agent crashing. Repeated attempts could potentially lead to a Denial of Service attack on route updates and potentially an out of memory condition.
Arista platforms that support LDP:
An interim mitigation is to set up LDP MD5 password configuration on existing sessions.
Configure LDP MD5 passwords on both LDP peers:
Arista(config)#mpls ldp
Arista(config-mpls-ldp)#password <password-string>
Arista(config-mpls-ldp)#copy running-config startup-config
LDP sessions authenticated with MD5 password are protected from this vulnerability.
The vulnerability is tracked by BUG400990 and BUG371998 for EOS. The recommended course of action is to install the provided hotfix or upgrade to a remediated EOS version once available.
Hotfix install instructions:
Patch file download URL: SecurityAdvisory0042Hotfix.swix
sha512: c94c650c46211cbdfd591865afe7b991b963fa3e153c2d1bb5174febb09160c4fc4bab1b8e08ba437f881a1df79aa00e86c854d5a9fa0e703c0baa15e25fb89c
For instructions on installation and verification of EOS extensions, refer to this section in the EOS User Manual: https://www.arista.com/en/um-eos/eos-section-6-7-managing-eos-extensions. Ensure that the extension is made persistent across reboots by copying the installed-extensions to boot-extensions.
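Two checks that follow from the advisory's mitigation and hotfix sections, written here as an added example rather than Arista's own tooling: one inspects `show running-config` text to confirm that the `mpls ldp` block carries a password (the interim MD5 mitigation), the other compares the SHA-512 of a downloaded hotfix against the digest published above. The sample configuration is constructed for illustration and assumes EOS's layout of a column-0 `mpls ldp` line followed by indented child lines.

```python
import hashlib
import hmac

# Digest published in the advisory for SecurityAdvisory0042Hotfix.swix.
EXPECTED_SHA512 = (
    "c94c650c46211cbdfd591865afe7b991b963fa3e153c2d1bb5174febb09160c4"
    "fc4bab1b8e08ba437f881a1df79aa00e86c854d5a9fa0e703c0baa15e25fb89c"
)

# Constructed sample of 'show running-config' output (not from a real device).
SAMPLE_CONFIG = """\
hostname leaf1
!
mpls ip
!
mpls ldp
   router-id 10.0.0.1
   password ldp-secret-example
!
router bgp 65001
   router-id 10.0.0.1
"""


def sha512_hex(data: bytes) -> str:
    return hashlib.sha512(data).hexdigest()


def verify_hotfix_digest(data: bytes, expected_hex: str = EXPECTED_SHA512) -> bool:
    """True when the .swix bytes hash to the published digest (constant-time compare)."""
    return hmac.compare_digest(sha512_hex(data), expected_hex.lower())


def ldp_md5_configured(running_config: str) -> dict:
    """Report whether 'mpls ldp' is configured and whether it carries a password.
    Only lines indented under the column-0 'mpls ldp' block count; a '!' or any
    other column-0 line ends that block, so BGP neighbor passwords are ignored."""
    ldp_present, password_set, in_ldp = False, False, False
    for raw in running_config.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if not raw[0].isspace():  # column-0 line: section header or '!' separator
            in_ldp = stripped == "mpls ldp"
            ldp_present = ldp_present or in_ldp
            continue
        if in_ldp:
            words = stripped.split()
            if words[0] == "password" and len(words) > 1:
                password_set = True
            elif words[:2] == ["no", "password"]:
                password_set = False
    return {"ldp_configured": ldp_present, "md5_password": password_set}
```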
The vulnerability is fixed in the following EOS versions:
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
By email: (address not shown on this page; see the original advisory)
By telephone: 408-547-5502 or 866-476-0000