Arista Networks EOS Multiple Vulnerabilities (SA0019)
Medium Nessus Plugin ID 107061
Synopsis
The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities.
Description
The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities :
- A flaw exists in NTP in the receive() function within file ntpd/ntp_proto.c that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2015-8138)
- A flaw exists in NTP when handling crafted Crypto NAK Packets having spoofed source addresses that match an existing associated peer. A unauthenticated, remote attacker can exploit this to demobilize a client association, resulting in a denial of service condition.
(CVE-2016-1547)
- A flaw exists in NTP when handling packets that have been spoofed to appear to be coming from a valid ntpd server, which may cause a switch to interleaved symmetric mode. An unauthenticated, remote attacker can exploit this, via a packet having a spoofed timestamp, to cause the client to reject future legitimate server responses, resulting in a denial of service condition.
(CVE-2016-1548)
- A flaw exits in NTP when handling a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat the clock selection algorithm and thereby modify a victim's clock.
(CVE-2016-1549)
- A flaw exists in NTP in the message authentication functionality of libntp that is triggered when handling a series of specially crafted messages. An unauthenticated, remote attacker can exploit this to partially recover the message digest key.
(CVE-2016-1550)
Solution
Contact the vendor for a fixed version.