A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Arista
  • 7280r
  • 7280r2
  • 7500e
  • 7500r
  • 7500r2
  • 7500r3
  • 7280r3
  • 7020r
  • Extensible Operating System
  • 7280e

Configuration 1 [-]

AND
OR cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:4.17:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:4.18:*:*:*:*:*:*:*
cpe:2.3:o:arista:extensible_operating_system:4.22.1f:*:*:*:*:*:*:*
OR cpe:2.3:h:arista:7020r:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280r:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500e:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*
References
Link Resource
https://www.arista.com/en/support/advisories-notices Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/8321-security-advisory-42 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-10T18:07:51

Updated: 2019-10-10T18:07:51

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14810

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2019-10-10T19:15:10.950

Modified: 2019-10-21T13:31:04.857

Link: CVE-2019-14810

JSON object: View

cve-icon Redhat Information

No data.

CWE