Arista Networks EOS IPv6 Neighbor Discovery Packet DoS (SA0022)

Medium Nessus Plugin ID 107064

Synopsis

The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability.

Description

The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability due to a flaw when handling specially crafted IPv6 Neighbor Discovery packets from non link-local sources. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to fill up the packet processing queue, thereby causing legitimate IPv6 Neighbor Discovery packets to be dropped.

Solution

Contact the vendor for a fixed version. Alternatively, apply the recommended mitigations referenced in the vendor advisory.

See Also

http://www.nessus.org/u?0854f1db

Plugin Details

Severity: Medium

ID: 107064

File Name: arista_eos_sa0022.nasl

Version: 1.4

Type: combined

Family: Misc.

Published: 2018/02/28

Modified: 2018/08/09

Dependencies: 107070

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Information

CPE: cpe:/o:arista:eos

Required KB Items: Host/Arista-EOS/Version

Patch Publication Date: 2016/06/15

Vulnerability Publication Date: 2016/06/15