CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
59.1%
Date: April 5th, 2018
Version: 1.0
Revision | Date | Changes |
---|---|---|
1.0 | April 5th, 2018 | Initial Release |
**Affected Platforms:**All EOS platforms
**Affected Software Version:**EOS-4.20.1F release.
The CVE-ID tracking this issue is CVE-2018-5254
CVSS v3: 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
**Impact:**This advisory is to document a security vulnerability that affects Arista products.
The switchβs Rib agent may restart if a malicious BGP peer sends an UPDATE message containing a malformed path attribute. Such BGP updates are not expected to be received in typical production environments and have to be crafted and sent with the malformed values by a malicious BGP speaker.
There will be a log message when the switch receives such malformed packets prior to the rib agent restarting.
20xx-xx-08T04:27:52.328647+00:00 switch Rib: %BGP-5-UPDATE-ERROR: attribute AS Path in update from peer 1.1.1.2 (AS 65502) is malformed, treating as Withdraw.
20xx-xx-08T04:27:52.328647+00:00 switch Rib: %AGENT-6-INITIALIZED: Agent 'Rib' initialized; pid=10873
Mitigation:
It is recommended to configure static BGP neighbors with strong BGP authentication keys to protect against unauthorized BGP peers in sending malformed BGP packets.
BUG 229418 tracks this vulnerability. A fix for this issue is available from SW versions 4.20.2F onwards.
**Note:**This vulnerability was identified internally by Arista Networks and Arista has not received evidence of this being exploited, as of the date of this update.
**Resolution:**It is recommended to upgrade EOS to versions with the fix or install the patch provided on affected versions of EOS
Patch file download URL:
SecurityAdvisory0033Hotfix.swix
Sha256 sum is:
[admin@switch flash]$ sha256sum SecurityAdvisory0033Hotfix.swix
c0d8bea145222d9e28eca08d429bc3e14f8e30a86495a41501f1fefe84b9713b SecurityAdvisory0033Hotfix.swix
Note:
Instructions to install the patch:
Download the patch file and copy the file to the extension partition of the switch using one of the supported file transfer protocols:
switch#copy scp://10.10.0.1/SecurityAdvisory0033Hotfix.swix extension:
switch#verify /sha256 extension:SecurityAdvisory0033Hotfix.swix
Verify that the checksum value returned by the above command matches the provided SHA256 checksum for the file
Install the patch using the extension command. The patch takes effect immediately at the time of installation.
switch#extension SecurityAdvisory0033Hotfix.swix
Verify that the patch is installed using the following commands:
switch#show extensions
Name Version/Release Status Extension
----------------------------------- -------------------- ----------- ---------
SecurityAdvisory0033Hotfix.swix 1.0.0/eng A, I 1
Make the patch persistent across reloads. This ensures that the patch is installed as part of the boot-sequence. The patch will not install on EOS versions with the security fix.
switch#copy installed-extensions boot-extensions
switch#show boot-extensions
SecurityAdvisory0033Hotfix.swix
For dual supervisor systems run the above copy command on both active and standby supervisors:
switch(s1)#copy installed-extensions boot-extensions
switch(s2-standby)#copy installed-extensions to boot-extensions
References:
CVE-2018-5254
For More Information:
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
Open a Service Request:
By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: 408-547-5502
866-476-0000
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
59.1%