CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
37.4%
April 26th, 2022
Revision | Date | Changes |
---|---|---|
1.0 | April 26th, 2022 | Initial release |
1.1 | May 16th, 2022 | Updated hotfix information |
The CVE-ID tracking this issue: CVE-2021-28510
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Common Weakness Enumeration: CWE-400 (Uncontrolled Resource Consumption)
This vulnerability is being tracked by BUG638107
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
The impact of this issue is that a remote attacker can make the PTP service unavailable. If this happens, the switch will fail to provide PTP time synchronization services to the devices downstream, leading to the degrading of the time maintained by the downstream devices.
This issue was discovered by a customer and Arista is not aware of any malicious uses of this issue in customer networks.
EOS Versions
The following products are affected by this vulnerability:
Any platform supporting PTP.
Arista EOS-based products:
The following product versions and platforms are not affected by this vulnerability:
In order to be vulnerable to CVE-2021-28510 the following conditions must be be met:
PTP should be enabled on the switch. To determine if PTP is enabled on the switch,
switch# show ptp
PTP Mode: Boundary Clock
PTP Profile: Default ( IEEE1588 )
Clock Identity: 0x74:83:ef:ff:ff:00:23:b1
Grandmaster Clock Identity: 0x00:00:00:00:00:00:00:00
Number of slave ports: 1
Number of master ports: 4
Offset From Master (nanoseconds): 0
Mean Path Delay (nanoseconds): 0
Steps Removed: 0
Skew (estimated local-to-master clock frequency ratio): 1.0
This issue causes the PTP agent to crash. If you are seeing a high number of syslog messages stating that the PTP agent is being restarted, this issue is potentially being exploited.
Apr 12 02:32:08 ok312 ProcMgr-worker: %PROCMGR-6-PROCESS_TERMINATED: 'Ptp' (PID=17476, status=15) has terminated.
Apr 12 02:32:08 ok312 ProcMgr-worker: %PROCMGR-6-PROCESS_RESTART: Restarting 'Ptp' immediately (it had PID=17476)
Apr 12 02:32:08 ok312 ProcMgr-worker: %PROCMGR-7-PREDECESSOR_WAITING: New instance of Ptp (PID=17833): waiting for reaping of predecessor (PID=17476)
Apr 12 02:32:08 ok312 ProcMgr-worker: %PROCMGR-7-PREDECESSOR_GONE: New instance of Ptp (PID=17833): predecessor (PID=17476) has been reaped.
Apr 12 02:32:08 ok312 ProcMgr-worker: %PROCMGR-6-PROCESS_STARTED: 'Ptp' starting with PID=17833 (PPID=3067) -- execing '/usr/bin/Ptp'
Apr 12 02:32:08 ok312 Ptp: %AGENT-6-INITIALIZED: Agent 'Ptp' initialized; pid=17833
Install ACL rules to drop PTP packets from untrusted sources. Best practice is to block access to untrusted (non-management) networks.
ptp ip access-group ptpAcl in
<-------OUTPUT OMITTED FROM EXAMPLE-------->
!
ip access-list ptpAcl
Β Β Β 10 deny ip host 10.10.10.1 any
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.
CVE-2021-28510 has been fixed in the following releases:
For immediate remediation until EOS can be upgraded, the following hotfix is available.
The following hotfix can be applied to remediate CVE-2021-28510. The hotfix applies only to 4.23.10 and no other releases. All other versions require upgrading to a release containing the fix (as listed above).
Note: Installing/uninstalling the SWIX will cause the PTP agent to restart.
Version: 1.0
**URL:**SecurityAdvisory76_CVE-2021-28510_Hotfix.swix
SWIX hash:
(SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437
For instructions on installation and verification of the hotfix patch, refer to the βmanaging eos extensionsβ section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command βcopy installed-extensions boot-extensionsβ.
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support
Vendor | Product | Version | CPE |
---|---|---|---|
arista | eos | 4.27.1 | cpe:2.3:o:arista:eos:4.27.1:*:*:*:*:*:*:* |
arista | eos | 4.26.4 | cpe:2.3:o:arista:eos:4.26.4:*:*:*:*:*:*:* |
arista | eos | 4.25.6 | cpe:2.3:o:arista:eos:4.25.6:*:*:*:*:*:*:* |
arista | eos | 4.24.8 | cpe:2.3:o:arista:eos:4.24.8:*:*:*:*:*:*:* |
arista | eos | 4.23.10 | cpe:2.3:o:arista:eos:4.23.10:*:*:*:*:*:*:* |
arista | eos | 4.22. | cpe:2.3:o:arista:eos:4.22.:*:*:*:*:*:*:* |