Revision | Date | Changes |
---|---|---|
1.0 | February 20, 2024 | Initial release |
CVSSv3.1 Base Score: 9.8 (CVSS:3.1AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )
Common Weakness Enumeration: CWE-1394 Use of default cryptographic key
This vulnerability is being tracked by BUG 880654
On affected platforms running CloudVision Portal Virtual Appliances on AWS/GCP, a public key is present in the /root/.ssh/authorized_keys file. This key, however, cannot be used unless the accompanying private key is available. While this key is believed to have been deleted, this advisory is being released out of an abundance of caution.
This issue was reported by an external source. Arista is not aware of any malicious uses of this issue in customer networks.
This issue is NOT present in the standard offerings of CloudVision Portal, including:
This issue is only present in extremely limited offerings of the Cloudvision Portal virtual appliance software as made available specifically by Arista for unique customer deployments. In particular, a package of CentOS 7.9 combined with CloudVision Portal software was made available to a very limited number of customers.
CVP on AWS
CVP on GCP
The following products are affected by this vulnerability:
CVP on AWS
AMIs with CentOS version 7.9.2009 that have the following AMI IDs:
CVP on GCP
The following product versions and platforms are not affected by this vulnerability:
CloudVision Portal, when deployed in certain configurations on AWS
CloudVision Portal, when deployed in certain configurations on GCP
Arista EOS-based products:
Arista Wireless Access Points
CloudVision WiFi, virtual appliance or physical appliance
CloudVision WiFi cloud service delivery
CloudVision eXchange, virtual or physical appliance
CloudVision Portal, virtual appliance or physical appliance
CloudVision as-a-Service
CloudVision AGNI
Arista 7130 Systems running MOS
Arista Converged Cloud Fabric and DANZ Monitoring Fabric (Formerly Big Switch Nodes for BCF and BMF)
Arista Network Detection and Response (NDR) Security Platform (Formerly Awake NDR)
Arista Edge Threat Management - Arista NG Firewall and Arista Micro Edge (Formerly Untangle)
In order to be vulnerable to this issue for AWS systems, the following conditions must be met:
• User must have access to the affected AMI’s as indicated above
In order to be vulnerable to this issue for GCP systems, the following conditions must be met:
User must have deployed the affected image. This image was not formally released but can be identified in the GCP Storage Bucket UI as having the crc32c hash: Rvd78A==. To check for exposure from the gcloud CLI the following command can be run:
$ gsutil stat gs:///centos79-cvp.tar.gz
gs:///centos79-cvp.tar.gz:
Creation time: Mon, 29 Nov 2021 11:16:54 GMT
Update time: Mon, 29 Nov 2021 11:16:54 GMT
Storage class: STANDARD
Content-Length: 1311712877
Content-Type: None
Component-Count: 5
**Hash (crc32c):** **Rvd78A==**
ETag: CLnBn6C5vfQCEAE=
Generation: 1638184614617273
Metageneration: 1
The workaround for AWS is to remove this public key from the /root/.ssh/authorized_keys file. It can be done by running the following command via CLI:
sudo sed -i '/tanayam-test-centos-new-0813/d' /root/.ssh/authorized_keys
The workaround for GCP is to remove this public key from the /root/.ssh/authorized_keys file. It can be done by running the following command via CLI:
sudo sed -i ‘/root@DIEGO-NOTEBOOK/d’ /root/.ssh/authorized_keys
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.
AWS: This issue has been fixed in the following CVP on AWS releases:
GCP: This issue was present in privately-available images only. If you’re affected please contact your SE for a link to an updated version.
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: 408-547-5502 ; 866-476-0000
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support