CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
85.0%
Revision | Date | Changes |
---|---|---|
1.0 | January 19th, 2021 | Initial Release |
1.1 | July 29th, 2021 | Updates to fixed versions |
The CVE-IDs tracking this issue are: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
CVSSv3.1 scores and vectors are as follows:
This advisory documents the impact of a vulnerability in Arista’s EOS software. Affected software releases are listed below.
Various issues with dnsmasq may result in the dns cache being poisoned by a malicious attacker. The impact is that other clients querying the EOS switch as a DNS server would receive invalid DNS records. This requires an optional configuration to be set in EOS to allow using the EOS switch as a DNS server. This issue may also be known as “DNSPooq” or “ICS-VU-668462” from different sources.
This is an externally found vulnerability and is released as part of a coordinated effort with CERT and dnsmasq.
Affected Software
EOS Versions
Affected Platforms
This vulnerability affects all EOS products including the 7xxx and 7xx Series switches and routers, and all CloudEOS packaging options.
The following products are not affected*:
Arista 7130 Systems running MOS
Arista Converged Cloud Fabric and DANZ Monitoring Fabric (Formerly Big Switch Nodes for BCF and BMF)
Arista Wireless Access Points
CloudVision Wi-Fi (on-premise and cloud service delivery)
CloudVision Portal, virtual appliance or physical appliance
CloudVision eXchange, virtual appliance or physical appliance
CloudVision as-a-Service
Please note that some Arista products allow customization of native Linux features beyond the scope of typical product usage. We recommend checking these systems to ensure DNS Proxy is not enabled.
In order to be vulnerable, the EOS device must be acting as a DNS server accessible to external devices. This is controlled by the “ip domain proxy” CLI command. This command must be enabled for the device to be vulnerable.
If the device is vulnerable, DNS queries may be altered from their intended upstream values. The only way to determine this is to query for the values using a validation tool and check that they have not been altered from their origin records.
If an EOS upgrade to the remediated version is not feasible, a hotfix patch is available as mitigation against this vulnerability.
The patch can be installed as an EOS extension and is applicable across all affected EOS versions. Installing the patch is briefly disruptive to DNS queries (less than 5 seconds), both externally to the switch and for internal switch services. Installing the patch is non-disruptive to non DNS based control plane traffic and data plane traffic.
For instructions on installation and verification of the hotfix patch, refer to this section in the EOS User Manual: https://www.arista.com/en/um-eos/eos-section-6-6-managing-eos-extensions. Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.
This vulnerability is tracked by Bug 547813. The recommended resolution is to upgrade to a remediated EOS version.
The vulnerability is fixed in the following released versions of EOS - 4.21.14M , 4.22.9M , 4.23.7M , 4.24.5M , 4.25.2F
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
Please visit https://www.arista.com/en/support/customer-support for up to date information on how to open a service request via email or telephone.
Vendor | Product | Version | CPE |
---|---|---|---|
arista | eos | 4.25.1 | cpe:2.3:o:arista:eos:4.25.1:*:*:*:*:*:*:* |
arista | eos | 4.24.3.1 | cpe:2.3:o:arista:eos:4.24.3.1:*:*:*:*:*:*:* |
arista | eos | 4.23.6 | cpe:2.3:o:arista:eos:4.23.6:*:*:*:*:*:*:* |
arista | eos | 4.22.8.1 | cpe:2.3:o:arista:eos:4.22.8.1:*:*:*:*:*:*:* |
arista | eos | 4.21.13 | cpe:2.3:o:arista:eos:4.21.13:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
85.0%