ID CVE-2016-6894
Summary Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.
References
Vulnerable Configurations
  • cpe:2.3:o:arista:dcs-7050t_eos_software:4.15
    cpe:2.3:o:arista:dcs-7050t_eos_software:4.15
  • Arista DCS-7050T
    cpe:2.3:h:arista:dcs-7050t
  • cpe:2.3:o:arista:dcs-7050q_eos_software:4.15
    cpe:2.3:o:arista:dcs-7050q_eos_software:4.15
  • cpe:2.3:h:arista:dcs-7050q
    cpe:2.3:h:arista:dcs-7050q
  • cpe:2.3:o:arista:dcs-7050s_eos_software:4.15
    cpe:2.3:o:arista:dcs-7050s_eos_software:4.15
  • Arista DCS-7050S
    cpe:2.3:h:arista:dcs-7050s
CVSS
Base: 7.8 (as of 05-01-2017 - 13:47)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family Misc.
NASL id ARISTA_EOS_SA0025.NASL
description The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability due to an unspecified flaw when handling certain packets sent to the control plane. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the device to reboot.
last seen 2019-02-21
modified 2018-08-09
plugin id 107068
published 2018-02-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=107068
title Arista Networks EOS Control Plane Packet Handling DoS (SA0025)
refmap via4
bid 95267
confirm https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25
Last major update 06-01-2017 - 22:00
Published 04-01-2017 - 16:59
Back to Top