CVE-2019-14810: Race Condition
First published: Thu Oct 10 2019(Updated: )
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista Extensible Operating System | >=4.19<=4.19.12m | |
| Arista Extensible Operating System | >=4.20<=4.20.14m | |
| Arista Extensible Operating System | >=4.21.0f<=4.21.2.3f | |
| Arista Extensible Operating System | >=4.21.3f<=4.21.7 | |
| Arista Extensible Operating System | =4.17 | |
| Arista Extensible Operating System | =4.18 | |
| Arista Extensible Operating System | =4.22.1f | |
| Arista 7020r | ||
| Arista 7280e | ||
| Arista 7280r | ||
| Arista 7280r2 | ||
| Arista 7280r3 | ||
| Arista 7500e | ||
| Arista 7500r | ||
| Arista 7500r2 | ||
| Arista 7500r3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-14810.
What is the affected software?
The affected software is Arista Extensible Operating System (EOS).
What is the severity of CVE-2019-14810?
The severity of CVE-2019-14810 is medium with a CVSS score of 5.9.
What is the risk of CVE-2019-14810?
CVE-2019-14810 poses a risk of Denial of Service (DoS) attack on route updates in the affected software.
How can I fix CVE-2019-14810?
To fix CVE-2019-14810, it is recommended to update to a patched version of Arista Extensible Operating System (EOS) as mentioned in the Arista advisory.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/arista
- canonical/arista extensible operating system
- version/arista extensible operating system/4.19
- version/arista extensible operating system/4.19.12m
- version/arista extensible operating system/4.20
- version/arista extensible operating system/4.20.14m
- version/arista extensible operating system/4.21.0f
- version/arista extensible operating system/4.21.2.3f
- version/arista extensible operating system/4.21.3f
- version/arista extensible operating system/4.21.7
- version/arista extensible operating system/4.17
- version/arista extensible operating system/4.18
- version/arista extensible operating system/4.22.1f
- canonical/arista 7020r
- canonical/arista 7280e
- canonical/arista 7280r
- canonical/arista 7280r2
- canonical/arista 7280r3
- canonical/arista 7500e
- canonical/arista 7500r
- canonical/arista 7500r2
- canonical/arista 7500r3