Arista Networks EOS Multiple Vulnerabilities (SA0019)

high Nessus Plugin ID 107061
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities.

Description

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities :

- A flaw exists in NTP in the receive() function within file ntpd/ntp_proto.c that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2015-8138)

- A flaw exists in NTP when handling crafted Crypto NAK Packets having spoofed source addresses that match an existing associated peer. A unauthenticated, remote attacker can exploit this to demobilize a client association, resulting in a denial of service condition.
(CVE-2016-1547)

- A flaw exists in NTP when handling packets that have been spoofed to appear to be coming from a valid ntpd server, which may cause a switch to interleaved symmetric mode. An unauthenticated, remote attacker can exploit this, via a packet having a spoofed timestamp, to cause the client to reject future legitimate server responses, resulting in a denial of service condition.
(CVE-2016-1548)

- A flaw exits in NTP when handling a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat the clock selection algorithm and thereby modify a victim's clock.
(CVE-2016-1549)

- A flaw exists in NTP in the message authentication functionality of libntp that is triggered when handling a series of specially crafted messages. An unauthenticated, remote attacker can exploit this to partially recover the message digest key.
(CVE-2016-1550)

Solution

Contact the vendor for a fixed version.

See Also

http://www.nessus.org/u?dabe6203

Plugin Details

Severity: High

ID: 107061

File Name: arista_eos_sa0019.nasl

Version: 1.8

Type: combined

Family: Misc.

Published: 2/28/2018

Updated: 3/13/2020

Dependencies: arista_eos_detect.nbin

Risk Information

CVSS Score Source: CVE-2016-1548

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:arista:eos

Required KB Items: Host/Arista-EOS/Version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/17/2015

Reference Information

CVE: CVE-2015-8138, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550

BID: 81811, 88200, 88261, 88264, 88276

CERT: 718152