Arista Networks EOS Multiple Vulnerabilities (SA0019)

Medium Nessus Plugin ID 107061

Synopsis

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities.

Description

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities :

- A flaw exists in NTP in the receive() function within file ntpd/ntp_proto.c that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2015-8138)

- A flaw exists in NTP when handling crafted Crypto NAK Packets having spoofed source addresses that match an existing associated peer. A unauthenticated, remote attacker can exploit this to demobilize a client association, resulting in a denial of service condition.
(CVE-2016-1547)

- A flaw exists in NTP when handling packets that have been spoofed to appear to be coming from a valid ntpd server, which may cause a switch to interleaved symmetric mode. An unauthenticated, remote attacker can exploit this, via a packet having a spoofed timestamp, to cause the client to reject future legitimate server responses, resulting in a denial of service condition.
(CVE-2016-1548)

- A flaw exits in NTP when handling a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat the clock selection algorithm and thereby modify a victim's clock.
(CVE-2016-1549)

- A flaw exists in NTP in the message authentication functionality of libntp that is triggered when handling a series of specially crafted messages. An unauthenticated, remote attacker can exploit this to partially recover the message digest key.
(CVE-2016-1550)

Solution

Contact the vendor for a fixed version.

See Also

http://www.nessus.org/u?dabe6203

Plugin Details

Severity: Medium

ID: 107061

File Name: arista_eos_sa0019.nasl

Version: 1.4

Type: combined

Family: Misc.

Published: 2018/02/28

Modified: 2018/08/09

Dependencies: 107070

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Vulnerability Information

CPE: cpe:/o:arista:eos

Required KB Items: Host/Arista-EOS/Version, Host/Arista-EOS/eos_shell

Vulnerability Publication Date: 2015/10/17

Reference Information

CVE: CVE-2015-8138, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550

BID: 81811, 88200, 88261, 88264, 88276

CERT: 718152