Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ARISTA_EOS_SA0019.NASL
HistoryFeb 28, 2018 - 12:00 a.m.

Arista Networks EOS Multiple Vulnerabilities (SA0019)

2018-02-2800:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities :

  • A flaw exists in NTP in the receive() function within file ntpd/ntp_proto.c that allows packets with an origin timestamp of zero to bypass security checks. An unauthenticated, remote attacker can exploit this to spoof arbitrary content. (CVE-2015-8138)

  • A flaw exists in NTP when handling crafted Crypto NAK Packets having spoofed source addresses that match an existing associated peer. A unauthenticated, remote attacker can exploit this to demobilize a client association, resulting in a denial of service condition.
    (CVE-2016-1547)

  • A flaw exists in NTP when handling packets that have been spoofed to appear to be coming from a valid ntpd server, which may cause a switch to interleaved symmetric mode. An unauthenticated, remote attacker can exploit this, via a packet having a spoofed timestamp, to cause the client to reject future legitimate server responses, resulting in a denial of service condition.
    (CVE-2016-1548)

  • A flaw exits in NTP when handling a saturation of ephemeral associations. An authenticated, remote attacker can exploit this to defeat the clock selection algorithm and thereby modify a victim’s clock.
    (CVE-2016-1549)

  • A flaw exists in NTP in the message authentication functionality of libntp that is triggered when handling a series of specially crafted messages. An unauthenticated, remote attacker can exploit this to partially recover the message digest key.
    (CVE-2016-1550)

#TRUSTED 252c1ed52e7735177cb924351a30410a38192a623b31f3e142091f4b72921579f4fc7206baeb21010fd24ceb06e3bdaf2548ef3e56934f552452d0f9b82a35c7660fa4b3c837d77b359cb75d0cb919b0a86a09ecc7fa09485af56bfc90159f5ec7d3f70f40562e21d15efa89773fbd22cee3025364af8c0b3d48c2939104e61812a75440192dc0af090b635ff6c994fd8eb900be1e26fed78e8a4d801feba1133c0f4aadb53aa6991f251de103ab66c75a394e50b33ad3f8ba91d606ac4c8736b1696787f3d43d9dac46de06fc8e595c7321e770060260eef22af9b7e78de423fca1151a56da30c8dcd9532e9a6acb2bac381b2c1a7c1b392406499b60ed93e874fc4f7040aabb683577821311a8dab52faa0e0f94869c5ef4f59337f66a1359288004c166e49027ae89c16033dcc40fae25fc323235165920b0c961c3dbbad8d8457d7fd73e0215732c2c45078ba59617e2699040e60c3ea2d26afc34ef5bd7dc9f07255bab1e904b069cf76ec02a06bb79f57124d29236e8eb66d00da97d21887d24c124964818e2c3d9fe0f52b48f5030a5dbee87f43b2f4c5b3c75134d8d45e01c483500998e46d3742d2f01957d1046c40c4d7e604652e38054afec05f7c93439604f5dfd05d54a1a8720ea01a8258082f4fe301538ef9516e1f6d53306203577791b6e0e9a2143cfc9b4909cd785e4b4eb08f44cf9beb1f44ff4002f7b
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107061);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");

  script_cve_id(
    "CVE-2015-8138",
    "CVE-2016-1547",
    "CVE-2016-1548",
    "CVE-2016-1549",
    "CVE-2016-1550"
  );
  script_bugtraq_id(
    81811,
    88200,
    88261,
    88264,
    88276
  );
  script_xref(name:"CERT", value:"718152");

  script_name(english:"Arista Networks EOS Multiple Vulnerabilities (SA0019)");
  script_summary(english:"Checks the Arista Networks EOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities :

  - A flaw exists in NTP in the receive() function within
    file ntpd/ntp_proto.c that allows packets with an origin
    timestamp of zero to bypass security checks. An
    unauthenticated, remote attacker can exploit this to
    spoof arbitrary content. (CVE-2015-8138)

  - A flaw exists in NTP when handling crafted Crypto NAK
    Packets having spoofed source addresses that match an
    existing associated peer. A unauthenticated, remote
    attacker can exploit this to demobilize a client
    association, resulting in a denial of service condition.
    (CVE-2016-1547)

  - A flaw exists in NTP when handling packets that have
    been spoofed to appear to be coming from a valid ntpd
    server, which may cause a switch to interleaved
    symmetric mode. An unauthenticated, remote attacker can
    exploit this, via a packet having a spoofed timestamp,
    to cause the client to reject future legitimate server
    responses, resulting in a denial of service condition.
    (CVE-2016-1548)

  - A flaw exits in NTP when handling a saturation of
    ephemeral associations. An authenticated, remote
    attacker can exploit this to defeat the clock selection
    algorithm and thereby modify a victim's clock.
    (CVE-2016-1549)

  - A flaw exists in NTP in the message authentication
    functionality of libntp that is triggered when handling
    a series of specially crafted messages. An
    unauthenticated, remote attacker can exploit this to
    partially recover the message digest key.
    (CVE-2016-1550)");
  # https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dabe6203");
  script_set_attribute(attribute:"solution", value:
"Contact the vendor for a fixed version.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1548");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/28");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:arista:eos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("arista_eos_detect.nbin");
  script_require_keys("Host/Arista-EOS/Version");

  exit(0);
}


include("arista_eos_func.inc");

version = get_kb_item_or_exit("Host/Arista-EOS/Version");

vmatrix = make_array();
vmatrix["all"] =  make_list("0.0<=4.12.99");
vmatrix["F"] =    make_list("4.13.1.1<=4.13.6",
                            "4.14.0<=4.14.5",
                            "4.15.0<=4.15.4.1");

vmatrix["M"] =    make_list("4.13.5<=4.13.15",
                            "4.14.6<=4.14.12",
                            "4.15.5","4.15.6");

vmatrix["misc"] = make_list("4.14.5FX",
                            "4.14.5FX",
                            "4.14.5FX.1",
                            "4.14.5FX.2",
                            "4.14.5FX.3",
                            "4.14.5FX.4",
                            "4.14.5.1F-SSU",
                            "4.15.0FX",
                            "4.15.0FXA",
                            "4.15.0FX1",
                            "4.15.1FXB.1",
                            "4.15.1FXB",
                            "4.15.1FX-7060X",
                            "4.15.1FX-7060QX",
                            "4.15.3FX-7050X-72Q",
                            "4.15.3FX-7060X.1",
                            "4.15.3FX-7500E3",
                            "4.15.3FX-7500E3.3",
                            "4.15.4FX-7500E3",
                            "4.15.5FX-7500R");

if (eos_is_affected(vmatrix:vmatrix, version:version))
{
  security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());
}
else audit(AUDIT_INST_VER_NOT_VULN, "Arista Networks EOS", version);
VendorProductVersionCPE
aristaeoscpe:/o:arista:eos

Related

nessus 44
openvas 24
cisco 1
arista 1
oraclelinux 4
redhat 3
ibm 21
centos 2
freebsd 1
slackware 2
fortinet 1
freebsd_advisory 1
talos 9
debian 2
seebug 7
fedora 3
osv 2
mageia 1
amazon 2
suse 5
cve 9
prion 9
f5 14
debiancve 9
veracode 4
ubuntucve 10
ics 2
redhatcve 3
cloudfoundry 1
cert 1
ubuntu 1
nessus
nessus
RHEL 6 : ntp (RHSA-2016:1552)
2016-08-04 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-120-01)
2016-05-02 00:00:00
RHEL 6 / 7 : ntp (RHSA-2016:1141)
2016-06-01 00:00:00
openvas
openvas
CentOS Update for ntp CESA-2016:1141 centos6
2016-06-03 00:00:00
CentOS Update for ntp CESA-2016:1141 centos7
2016-06-03 00:00:00
RedHat Update for ntp RHSA-2016:1141-01
2016-06-03 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
2016-04-28 09:00:00
arista
arista
Security Advisory 0019
2018-04-25 00:00:00
oraclelinux
oraclelinux
ntp security update
2016-05-31 00:00:00
ntp security update
2016-01-25 00:00:00
ntp security and bug fix update
2016-11-09 00:00:00
redhat
redhat
(RHSA-2016:1141) Moderate: ntp security update
2016-05-31 05:04:27
(RHSA-2016:1552) Moderate: ntp security update
2016-08-03 04:36:58
(RHSA-2016:0063) Important: ntp security update
2016-01-25 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect Power Hardware Management Console
2021-09-23 01:31:39
Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM
2018-06-18 01:32:32
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-14 14:32:25
centos
centos
ntp, ntpdate, sntp security update
2016-05-31 10:58:56
ntp, ntpdate, sntp security update
2016-01-25 14:27:37
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-04-26 00:00:00
slackware
slackware
[slackware-security] ntp
2016-04-29 21:57:25
[slackware-security] ntp
2018-08-17 17:43:28
fortinet
fortinet
ntp-4.2.8p7 Security Vulnerability Announcement April 2016
2017-04-03 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:16.ntp
2016-04-29 00:00:00
talos
talos
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
2016-11-21 00:00:00
Network Time Protocol Origin Timestamp Check Impersonation Vulnerability
2016-01-19 00:00:00
Network Time Protocol libntp Message Digest Disclosure Vulnerability
2016-04-26 00:00:00
debian
debian
[SECURITY] [DLA 559-1] ntp security update
2016-07-25 21:37:14
[SECURITY] [DSA 3629-1] ntp security update
2016-07-25 21:15:32
seebug
seebug
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
2017-10-11 00:00:00
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability(CVE-2016-1548)
2017-10-26 00:00:00
Network Time Protocol libntp Message Digest Disclosure Vulnerability(CVE-2016-1550)
2017-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-40.fc24
2016-05-07 12:19:50
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-40.fc23
2016-05-10 18:06:26
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-40.fc22
2016-05-12 07:23:47
osv
osv
ntp - security update
2016-07-25 00:00:00
ntp - security update
2016-07-25 00:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-05-14 00:54:49
amazon
amazon
Medium: ntp
2016-06-02 18:06:00
Low: ntp
2018-09-19 17:19:00
suse
suse
Security update for ntp (important)
2016-06-01 18:08:21
Security update for ntp (important)
2016-05-11 18:08:42
Security update for ntp (important)
2016-05-18 14:10:13
cve
cve
CVE-2015-8138
2017-01-30 21:59:00
CVE-2016-1548
2017-01-06 21:59:00
CVE-2016-1550
2017-01-06 21:59:00
prion
prion
Design/Logic Flaw
2017-01-30 21:59:00
Code injection
2017-01-06 21:59:00
Design/Logic Flaw
2017-01-06 21:59:00
f5
f5
K71245322 : NTP vulnerability CVE-2015-8138
2016-02-22 00:00:00
SOL71245322 - NTP vulnerability CVE-2015-8138
2016-02-22 00:00:00
K43205719 : NTP input validation vulnerability CVE-2016-1550
2016-05-25 00:00:00
debiancve
debiancve
CVE-2015-8138
2017-01-30 21:59:00
CVE-2016-1549
2017-01-06 21:59:00
CVE-2016-1548
2017-01-06 21:59:00
veracode
veracode
Validation Bypass
2019-01-15 09:09:42
Denial Of Service (DoS)
2019-05-02 05:34:28
Information Disclosure
2019-05-02 05:34:28
ubuntucve
ubuntucve
CVE-2016-1548
2016-04-29 00:00:00
CVE-2016-1550
2016-04-29 00:00:00
CVE-2016-1549
2017-01-06 00:00:00
ics
ics
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
redhatcve
redhatcve
CVE-2016-7431
2016-11-22 10:47:56
CVE-2016-4956
2016-06-02 13:49:28
CVE-2016-4957
2016-06-02 13:49:32
cloudfoundry
cloudfoundry
USN-3096-1: NTP vulnerabilities | Cloud Foundry
2016-12-21 00:00:00
cert
cert
NTP.org ntpd contains multiple vulnerabilities
2016-04-27 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2016-10-05 00:00:00
JSON
Related for ARISTA_EOS_SA0019.NASL
nessus44openvas24cisco1arista1oraclelinux4redhat3ibm21centos2freebsd1slackware2fortinet1freebsd_advisory1talos9debian2seebug7fedora3osv2mageia1amazon2suse5cve9prion9f514debiancve9veracode4ubuntucve10ics2redhatcve3cloudfoundry1cert1ubuntu1