The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library :
An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.
An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)
A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a ‘birthday’ attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.
(CVE-2016-2183)
#TRUSTED 9335df6adc323f095a8e0c5fcfef0ff4be8608f33bbfd7209227fef584817014f0cca85ab229fba95d88ee29165fc170a0501da133164cbc84576efd06fb708d148eaedfdd3b1d8f110affe53eca9323c1f433b6d09a4427661b4ea70156d405c5a76daa793d91e767ddbddb4ed155572f94d3fe31a047aa8dc302090394af8dbdfa1f41c89891a4905438fafbfa068765c52bc642d44bfd323e655522cba47b7135e1d3169e8d1bbec631174c5ef6a6c3f45c5d1900e473855b4c75e34b0ac36a42d4e4ee993a0d452341feada773c80f225005cea0a533bc5384e07077b4dfb100c900745ccbcd54d3f7d03b605ee1d7633831db8ebb1c057e13947a87c4e1be03ec279e8df1d7e21af70f2f007b4c1179c3804a11762a8d2f4bda12c6327bf1f5b751655cce3e020401c67a46680f05912d7db10c35b22e2a29d8b834030e4257f1fdc305e6b4afe7415d46059ab2d834c4604e20959e6d4814d1f36d18d07ccfff12f87e91c068afffa28ac4998cc07aa93bc5d13f0dee907a09fafba13fb4024b7b0bd6f67ed0b541e0971c044799bde4e0b362edea6f14f36e84db9311ece9f34e0bbff367e0b70c8378f2bbc89d70b40ee90dd2198d458b0e14e190764499ec3148807a01f7c8978297fe6f77b7dc763b9773e213b63d66a2061e8c5d11d11464e948bca24a765b81516b6c2e3f00e6bb0b3e603098e0580a55b728a4
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(107066);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
script_cve_id("CVE-2016-2178", "CVE-2016-2183");
script_bugtraq_id(91081, 92630);
script_name(english:"Arista Networks EOS Multiple Vulnerabilities (SA0024) (SWEET32)");
script_summary(english:"Checks the Arista Networks EOS version.");
script_set_attribute(attribute:"synopsis", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities in the included OpenSSL library :
- An information disclosure vulnerability exists in the
dsa_sign_setup() function in dsa_ossl.c due to a failure
to properly ensure the use of constant-time operations.
An unauthenticated, remote attacker can exploit this,
via a timing side-channel attack, to disclose DSA key
information. (CVE-2016-2178)
- A vulnerability exists, known as SWEET32, in the 3DES
and Blowfish algorithms due to the use of weak 64-bit
block ciphers by default. A man-in-the-middle attacker
who has sufficient resources can exploit this
vulnerability, via a 'birthday' attack, to detect a
collision that leaks the XOR between the fixed secret
and a known plaintext, allowing the disclosure of the
secret text, such as secure HTTPS cookies, and possibly
resulting in the hijacking of an authenticated session.
(CVE-2016-2183)");
# https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0310cb92");
script_set_attribute(attribute:"see_also", value:"https://sweet32.info");
script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/blog/blog/2016/08/24/sweet32/");
script_set_attribute(attribute:"solution", value:
"Contact the vendor for a fixed version. Alternatively, apply the
recommended mitigations referenced in the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2183");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/06");
script_set_attribute(attribute:"patch_publication_date", value:"2016/10/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/28");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:arista:eos");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("arista_eos_detect.nbin");
script_require_keys("Host/Arista-EOS/Version");
exit(0);
}
include("arista_eos_func.inc");
version = get_kb_item_or_exit("Host/Arista-EOS/Version");
vmatrix = make_array();
vmatrix["all"] = make_list("4.10.1<=4.13.99");
vmatrix["F"] = make_list("4.14.0<=4.14.5",
"4.15.0<=4.15.4.1",
"4.17.0<=4.17.1.1");
vmatrix["M"] = make_list("4.14.5<=4.14.12",
"4.15.5<=4.15.8",
"4.16.6<=4.16.8");
vmatrix["misc"] = make_list("4.14.5FX",
"4.14.5FX.1",
"4.14.5FX.2",
"4.14.5FX.3",
"4.14.5FX.4",
"4.14.5.1F-SSU",
"4.15.0FX",
"4.15.0FXA",
"4.15.0FX1",
"4.15.1FXB.1",
"4.15.1FXB",
"4.15.1FX-7060X",
"4.15.1FX-7260QX",
"4.15.3FX-7050X-72Q",
"4.15.3FX-7060X.1",
"4.15.3FX-7500E3",
"4.15.3FX-7500E3.3",
"4.15.4FX-7500E3",
"4.15.5FX-7500R",
"4.15.5FX-7500R-bgpscale.2",
"4.16.6FX-7512R",
"4.16.6FX-7500R.1",
"4.16.6FX-7500R-bgpscale",
"4.16.6FX-7500R",
"4.16.6FX-7060X",
"4.16.6FX-7050X2.2",
"4.16.6FX-7050X2",
"4.16.7M-L2EVPN",
"4.16.7FX-MLAGISSU-TWO-STEP",
"4.16.7FX-7500R",
"4.16.7FX-760X",
"4.16.8FX-MLAGISSU-TWO-STEP",
"4.16.8FX-7500R",
"4.16.8FX-7060X"
);
if (eos_is_affected(vmatrix:vmatrix, version:version))
{
security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());
}
else audit(AUDIT_INST_VER_NOT_VULN, "Arista Networks EOS", version);