CVE-2021-28510
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 4.23.10 |
| Running on/with | Platform Versions |
|---|---|
Arista 7020r | All versions |
Arista 7050cx3 32s | All versions |
Arista 7050cx3m 32s | All versions |
Arista 7050qx 32s | All versions |
Arista 7050qx2 32s | All versions |
Arista 7050sx 128 | All versions |
Arista 7050sx 64 | All versions |
Arista 7050sx 72q | All versions |
Arista 7050sx2 128 | All versions |
Arista 7050sx2 72q | All versions |
Arista 7050sx3 48c8 | All versions |
Arista 7050sx3 48yc | All versions |
Arista 7050sx3 48yc12 | All versions |
Arista 7050sx3 48yc8 | All versions |
Arista 7050sx3 96yc8 | All versions |
Arista 7050tx 48 | All versions |
Arista 7050tx 64 | All versions |
Arista 7050tx 72q | All versions |
Arista 7050tx2 128 | All versions |
Arista 7050tx3 48c8 | All versions |
Arista 7060cx 32s | All versions |
Arista 7060cx2 32s | All versions |
Arista 7060dx4 32 | All versions |
Arista 7060px4 32 | All versions |
Arista 7060sx2 48yc6 | All versions |
Arista 7150s 24 | All versions |
Arista 7150s 52 | All versions |
Arista 7150s 64 | All versions |
Arista 7150sc 24 | All versions |
Arista 7150sc 64 | All versions |
Arista 7170 32c | All versions |
Arista 7170 32cd | All versions |
Arista 7170 64c | All versions |
Arista 720xp 24y6 | All versions |
Arista 720xp 24zy4 | All versions |
Arista 720xp 48y6 | All versions |
Arista 720xp 48zc2 | All versions |
Arista 720xp 96zc2 | All versions |
Arista 7250qx 64 | All versions |
Arista 7260cx | All versions |
Arista 7260cx3 | All versions |
Arista 7260cx3 64 | All versions |
Arista 7260qx | All versions |
Arista 7280e | All versions |
Arista 7280r | All versions |
Arista 7280r2 | All versions |
Arista 7280r3 | All versions |
Arista 7280sr3 48yc8 | All versions |
Arista 7280sr3k 48yc8 | All versions |
Arista 7300x 32q | All versions |
Arista 7300x 64s | All versions |
Arista 7300x 64t | All versions |
Arista 7300x3 32c | All versions |
Arista 7300x3 48yc4 | All versions |
Arista 7304x3 | All versions |
Arista 7308x3 | All versions |
Arista 7320x 32c | All versions |
Arista 7324x | All versions |
Arista 7328x | All versions |
Arista 7368x4 | All versions |
Arista 7500e | All versions |
Arista 7500r | All versions |
Arista 7500r2 | All versions |
Arista 7500r3 | All versions |
Arista 7500r3 24d | All versions |
Arista 7500r3 24p | All versions |
Arista 7500r3 36cq | All versions |
Arista 7500r3k 36cq | All versions |
Arista 7504r3 | All versions |
Arista 7508r3 | All versions |
Arista 7512r3 | All versions |
Arista 7800r3 36p | All versions |
Arista 7800r3 48cq | All versions |
Arista 7800r3k 48cq | All versions |
Arista 7804r3 | All versions |
Arista 7808r3 | All versions |
Related CWEs
CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
References (2)
Source: psirt@arista.com
ExploitMitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMitigationVendor Advisory
Timeline
No history available yet.