admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/28xxx/CVE-2021-28510.json
CVE Team dbcfc96588
"-Synchronized-Data."
2023-01-26 21:06:38 +00:00

134 lines
5.9 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-04-19T21:53:00.000Z",
"ID": "CVE-2021-28510",
"STATE": "PUBLIC",
"TITLE": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "4.27.1",
"version_value": "4.27.0"
},
{
"version_affected": "<=",
"version_name": "4.26.4",
"version_value": "4.26.0"
},
{
"version_affected": "<=",
"version_name": "4.25.6",
"version_value": "4.25.0"
},
{
"version_affected": "<=",
"version_name": "4.24.8",
"version_value": "4.24.0"
},
{
"version_affected": "<=",
"version_name": "4.23.10",
"version_value": "4.23.0"
},
{
"version_affected": "=",
"version_name": "4.22",
"version_value": "4.22"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28510 has been fixed in the following releases:\n4.27.2 and later releases in the 4.27.x train\n4.26.5 and later releases in the 4.26.x train\n4.25.7 and later releases in the 4.25.x train\n4.24.9 and later releases in the 4.24.x train\n4.23.11 and later releases in the 4.23.x train\n"
},
{
"lang": "eng",
"value": "Hotfix\n\nThe following hotfix can be applied to remediate CVE-2021-28510\nNote: Installing/uninstalling the SWIX will cause the PTP agent to restart.\n\nVersion: 1.0\nURL:SecurityAdvisory76_CVE-2021-28510_Hotfix.swix\n\nSWIX hash: (SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437 "
}
],
"source": {
"advisory": "76",
"defect": [
"BUG",
"638107"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Install ACL rules to drop PTP packets from untrusted sources. Best practice is to block access to untrusted (non-management) networks."
}
]
}
Reference in New Issue View Git Blame Copy Permalink