Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ARISTA_EOS_SA0024_4_17.NASL
HistoryFeb 28, 2018 - 12:00 a.m.

Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)

2018-02-2800:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
171
JSON

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library :

  • An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations.
    An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178)

  • A vulnerability exists, known as SWEET32, in the 3DES and Blowfish algorithms due to the use of weak 64-bit block ciphers by default. A man-in-the-middle attacker who has sufficient resources can exploit this vulnerability, via a ‘birthday’ attack, to detect a collision that leaks the XOR between the fixed secret and a known plaintext, allowing the disclosure of the secret text, such as secure HTTPS cookies, and possibly resulting in the hijacking of an authenticated session.
    (CVE-2016-2183)

  • A flaw exists in the ssl_parse_clienthello_tlsext() function in t1_lib.c due to improper handling of overly large OCSP Status Request extensions from clients. An unauthenticated, remote attacker can exploit this, via large OCSP Status Request extensions, to exhaust memory resources, resulting in a denial of service condition.
    (CVE-2016-6304)

#TRUSTED 30261962c27d3c1c30c708fd51acd40c11630e57d9e7fbb2ec5e4ea7706281072c1923b92270da2b695b99a6b0982c3cfad016f5fc65dfeb0d8e7d0bfd104583bf4529ecf3709c68b63f3c539e61a80ba5dfba7011ff7e8c609980df191e19c862590158f5dbd7ec4d1f2574609bc3a56f923c60f475c2eabadaa8db567559ec2a230c0950d6567768d86c35e383ddab3518db4df5854cd71e0a91def5c60814e2e4a27cf8c6431416ce1968e21b97ae0cb01e6156d94da72cc062c01ffb3923d0f17e344c473cc9fe0e887fa6071809a1694be695ca6e829ce4cbf4ab4607f72bd213eeaa8e46cd433e2987b02c1a6a7ea353927018a9cc25b12bbbc1b29525e2847afb574f3b6d61a9bf575bebea444197559d1eafe430b140381fc5c092d0ac6954ef835b8b737dd619732f73f7193c99a1ed1dd4822aa956f04b3cf0e84f6c6cfe045faa0e58222f2a74c12abfa4b8b5912591b722f17a99e2838f18a43009c34b44c3e7b3b97bf35074fb95824b19404b78d2b7df513009386c8f110561b6bd8b92a0fc5ca77ba87e6a37ffb4f3f648b2371e5d047e8f2081cadc4d8b0ecf9ace6b21362b22fbc28e180bc33293412b8d80dd658cf0a9307b176e4d465586384c7fd1b72b84faad3eaf3b9332df72be5a618e4d7ca1c12fbb57430169f9a8bf8c62ee0ba71cdb849b15f7cce93e6b24b83d809336150f78fe57d0dda0b9
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(107067);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");

  script_cve_id("CVE-2016-2178", "CVE-2016-2183", "CVE-2016-6304");
  script_bugtraq_id(91081, 92630, 93150);

  script_name(english:"Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)");
  script_summary(english:"Checks the Arista Networks EOS version.");

  script_set_attribute(attribute:"synopsis", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Arista Networks EOS running on the remote device is
affected by multiple vulnerabilities in the included OpenSSL library :

  - An information disclosure vulnerability exists in the
    dsa_sign_setup() function in dsa_ossl.c due to a failure
    to properly ensure the use of constant-time operations.
    An unauthenticated, remote attacker can exploit this,
    via a timing side-channel attack, to disclose DSA key
    information. (CVE-2016-2178)

  - A vulnerability exists, known as SWEET32, in the 3DES
    and Blowfish algorithms due to the use of weak 64-bit
    block ciphers by default. A man-in-the-middle attacker
    who has sufficient resources can exploit this
    vulnerability, via a 'birthday' attack, to detect a
    collision that leaks the XOR between the fixed secret
    and a known plaintext, allowing the disclosure of the
    secret text, such as secure HTTPS cookies, and possibly
    resulting in the hijacking of an authenticated session.
    (CVE-2016-2183)

  - A flaw exists in the ssl_parse_clienthello_tlsext()
    function in t1_lib.c due to improper handling of overly
    large OCSP Status Request extensions from clients. An
    unauthenticated, remote attacker can exploit this, via
    large OCSP Status Request extensions, to exhaust memory
    resources, resulting in a denial of service condition.
    (CVE-2016-6304)");
  # https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0310cb92");
  script_set_attribute(attribute:"see_also", value:"https://sweet32.info");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/blog/blog/2016/08/24/sweet32/");
  script_set_attribute(attribute:"solution", value:
"Contact the vendor for a fixed version. Alternatively, apply the
recommended mitigations referenced in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2183");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/28");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:arista:eos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("arista_eos_detect.nbin");
  script_require_keys("Host/Arista-EOS/Version");

  exit(0);
}


include("arista_eos_func.inc");

version = get_kb_item_or_exit("Host/Arista-EOS/Version");

vmatrix = make_array();
vmatrix["F"] =    make_list("4.17.0<=4.17.1.1");
vmatrix["misc"] = make_list("4.17.1FX-VRRP6LL");

if (eos_is_affected(vmatrix:vmatrix, version:version))
{
  security_report_v4(severity:SECURITY_WARNING, port:0, extra:eos_report_get());
}
else audit(AUDIT_INST_VER_NOT_VULN, "Arista Networks EOS", version);
VendorProductVersionCPE
aristaeoscpe:/o:arista:eos

Related

threatpost 2
nessus 33
ibm 78
suse 6
openvas 20
redhat 8
prion 3
zdt 1
f5 5
hackerone 8
veracode 5
ubuntucve 3
cve 3
alpinelinux 3
openssl 2
altlinux 4
checkpoint_advisories 2
osv 2
debiancve 2
oraclelinux 3
freebsd 1
centos 1
attackerkb 1
cloudfoundry 2
github 1
threatpost
threatpost
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
2016-08-24 08:00:39
nessus
nessus
Arista Networks EOS Multiple Vulnerabilities (SA0024) (SWEET32)
2018-02-28 00:00:00
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)
2019-01-02 00:00:00
RHEL 6 / 7 : JBoss EAP (RHSA-2017:1658)
2017-06-30 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified (CVE-2016-6304, CVE-2016-6303, CVE-2016-2178, CVE-2016-6306 and CVE-2016-2183)
2018-06-18 00:28:14
Security Bulletin:Vulnerabilities in OpenSSL affect IBM SONAS
2018-06-18 00:28:27
Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways
2018-06-15 07:06:27
suse
suse
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs (important)
2016-10-11 19:20:03
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2470-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2470-2)
2021-06-09 00:00:00
openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:2496-1)
2016-10-12 00:00:00
redhat
redhat
(RHSA-2017:1658) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
2017-06-28 19:58:57
(RHSA-2017:1659) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
2017-06-28 19:59:12
(RHSA-2016:2802) Important: openssl security update
2016-11-17 12:52:35
prion
prion
Design/Logic Flaw
2016-09-26 19:59:00
Crlf injection
2016-06-20 01:59:00
Design/Logic Flaw
2016-09-01 00:59:00
zdt
zdt
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
2016-10-21 00:00:00
f5
f5
K54211024 : OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
SOL54211024 - OpenSSL vulnerability CVE-2016-6304
2016-11-02 00:00:00
K53084033 : OpenSSL vulnerability CVE-2016-2178
2016-07-14 00:00:00
hackerone
hackerone
Internet Bug Bounty: OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
2017-03-29 01:24:57
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
Nextcloud: Nextcloud.com is vulnerable to SWEET32 attack
2017-01-18 18:23:36
veracode
veracode
Denial Of Service (DoS)
2017-01-26 01:52:41
Denial Of Service (DoS)
2019-01-15 09:14:47
Timing Attacks
2017-01-26 07:29:41
ubuntucve
ubuntucve
CVE-2016-6304
2016-09-22 00:00:00
CVE-2016-2178
2016-06-19 00:00:00
CVE-2016-2183
2016-08-31 00:00:00
cve
cve
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2178
2016-06-20 01:59:00
CVE-2016-2183
2016-09-01 00:59:00
alpinelinux
alpinelinux
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2178
2016-06-20 01:59:00
CVE-2016-2183
2016-09-01 00:59:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-6304
2016-09-22 00:00:00
Vulnerability in OpenSSL CVE-2016-2178
2016-06-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2h-alt2
2016-06-08 00:00:00
Security fix for the ALT Linux 10 package openssl1.1 version 1.0.2h-alt2
2016-06-08 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.2h-alt2
2016-06-09 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL OCSP Extension Unbounded Memory Denial of Service (CVE-2016-6304)
2016-09-22 00:00:00
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
osv
osv
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2178
2016-06-20 01:59:00
debiancve
debiancve
CVE-2016-6304
2016-09-26 19:59:00
CVE-2016-2178
2016-06-20 01:59:00
oraclelinux
oraclelinux
openssl security update
2016-10-13 00:00:00
openssl security update
2016-09-27 00:00:00
python security update
2018-07-03 00:00:00
freebsd
freebsd
OpenSSL -- vulnerability in DSA signing
2016-06-09 00:00:00
centos
centos
openssl security update
2016-09-28 14:48:04
attackerkb
attackerkb
CVE-2016-2183
2016-09-01 00:00:00
cloudfoundry
cloudfoundry
CVE-2016-2183: Birthday attacks against TLS ciphers with 64bit block size | Cloud Foundry
2019-10-24 00:00:00
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
github
github
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
JSON
Related for ARISTA_EOS_SA0024_4_17.NASL
threatpost2nessus33ibm78suse6openvas20redhat8prion3zdt1f55hackerone8veracode5ubuntucve3cve3alpinelinux3openssl2altlinux4checkpoint_advisories2osv2debiancve2oraclelinux3freebsd1centos1attackerkb1cloudfoundry2github1