CVE-2021-28510: For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
First published: Tue Jan 24 2023(Updated: )
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista EOS | <4.23.10 | |
| Arista EOS | >=4.24.0<4.24.8 | |
| Arista EOS | >=4.25.0<4.25.6 | |
| Arista EOS | >=4.26.0<4.26.4 | |
| Arista EOS | >=4.27.0<4.27.1 | |
| Arista 7020r | ||
| Arista DCS-7050CX3-32S | ||
| Arista Dcs-7050cx3m-32s | ||
| Arista 7050qx-32s | ||
| Arista 7050qx2-32s | ||
| Arista 7050SX-128 | ||
| Arista 7050sx-64 | ||
| Arista 7050sx2-72q | ||
| Arista 7050SX2 series | ||
| Arista 7050sx2-72q | ||
| Arista DCS-7050SX3-48C8 | ||
| Arista 7050SX3-48YC | ||
| Arista DCS-7050SX3-48YC12 | ||
| Arista Dcs-7050sx3-48yc8 | ||
| Arista DCS-7050SX3-96YC8 | ||
| Arista 7050TX-48 | ||
| Arista 7050tx-64 | ||
| Arista 7050tx-72q | ||
| Arista 7050TX2-128 | ||
| Arista Dcs-7050tx3-48c8 | ||
| Arista 7060cx2-32s | ||
| Arista 7060cx2-32s | ||
| Arista 7060dx4-32 | ||
| Arista 7060px4-32 | ||
| Arista 7060sx2-48yc6 | ||
| Arista 7150s-24 | ||
| Arista 7150s-52 | ||
| Arista 7150 Series | ||
| Arista 7150sc-24 | ||
| Arista 7150sc-64 | ||
| Arista 7170-32cd | ||
| Arista 7170-32cd | ||
| Arista 7170b-64c | ||
| Arista Ccs-720xp-24y6 | ||
| Arista Ccs-720xp-24zy4 | ||
| Arista Ccs-720xp-48y6 | ||
| Arista Ccs-720xp-48zc2 | ||
| Arista 720xp-96zc2 | ||
| Arista 7250qx-64 | ||
| Arista 7260cx | ||
| Arista 7260cx3-64 | ||
| Arista 7260cx3 | ||
| Arista 7260qx | ||
| Arista 7280e | ||
| Arista 7280R Series | ||
| Arista 7280R2 | ||
| Arista 7280R Series | ||
| Arista 7280SR3-48YC8 | ||
| Arista 7280SR3K-48YC8 | ||
| Arista 7300x-32q | ||
| Arista 7300X Series | ||
| Arista 7300x-64t | ||
| Arista 7300x3-32c | ||
| Arista 7300X3-48YC4 | ||
| Arista 7304x3 | ||
| Arista 7308x3 | ||
| Arista 7320x-32c | ||
| Arista 7324x | ||
| Arista 7328x | ||
| Arista 7368x4 | ||
| Arista DCS-7500E-6C2-LC | ||
| Arista 7500 Series | ||
| Arista 7500 Series | ||
| Arista 7500R Series | ||
| Arista 7500 Series | ||
| Arista 7500R Series Switch | ||
| Arista 7500R series | ||
| Arista 7500R series | ||
| Arista 7504r3 | ||
| Arista 7508R3 | ||
| Arista 7512R3 | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista 7804r3 | ||
| Arista 7808R3 |
Remedy
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2021-28510 has been fixed in the following releases: 4.27.2 and later releases in the 4.27.x train 4.26.5 and later releases in the 4.26.x train 4.25.7 and later releases in the 4.25.x train 4.24.9 and later releases in the 4.24.x train 4.23.11 and later releases in the 4.23.x train
Remedy
Hotfix The following hotfix can be applied to remediate CVE-2021-28510 Note: Installing/uninstalling the SWIX will cause the PTP agent to restart. Version: 1.0 URL:SecurityAdvisory76_CVE-2021-28510_Hotfix.swix SWIX hash: (SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-28510?
CVE-2021-28510 is considered medium severity due to the potential for service interruption.
How do I fix CVE-2021-28510?
To fix CVE-2021-28510, upgrade to a version of Arista EOS that is beyond 4.23.10 or the specified vulnerable versions.
Which systems are affected by CVE-2021-28510?
CVE-2021-28510 affects various versions of Arista EOS including those up to 4.23.10 and certain ranges from 4.24.0 to 4.26.4 and beyond.
What happens if CVE-2021-28510 is exploited?
If exploited, CVE-2021-28510 causes the Precision Time Protocol (PTP) agent to continuously restart, making the service unavailable.
Is there a workaround for CVE-2021-28510?
There is no official workaround for CVE-2021-28510 other than upgrading to a patched version of Arista EOS.
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arista
- canonical/arista eos
- version/arista eos/4.24.0
- version/arista eos/4.25.0
- version/arista eos/4.26.0
- version/arista eos/4.27.0
- canonical/arista 7020r
- canonical/arista dcs-7050cx3-32s
- canonical/arista dcs-7050cx3m-32s
- canonical/arista 7050qx-32s
- canonical/arista 7050qx2-32s
- canonical/arista 7050sx-128
- canonical/arista 7050sx-64
- canonical/arista 7050sx2-72q
- canonical/arista 7050sx2 series
- canonical/arista dcs-7050sx3-48c8
- canonical/arista 7050sx3-48yc
- canonical/arista dcs-7050sx3-48yc12
- canonical/arista dcs-7050sx3-48yc8
- canonical/arista dcs-7050sx3-96yc8
- canonical/arista 7050tx-48
- canonical/arista 7050tx-64
- canonical/arista 7050tx-72q
- canonical/arista 7050tx2-128
- canonical/arista dcs-7050tx3-48c8
- canonical/arista 7060cx2-32s
- canonical/arista 7060dx4-32
- canonical/arista 7060px4-32
- canonical/arista 7060sx2-48yc6
- canonical/arista 7150s-24
- canonical/arista 7150s-52
- canonical/arista 7150 series
- canonical/arista 7150sc-24
- canonical/arista 7150sc-64
- canonical/arista 7170-32cd
- canonical/arista 7170b-64c
- canonical/arista ccs-720xp-24y6
- canonical/arista ccs-720xp-24zy4
- canonical/arista ccs-720xp-48y6
- canonical/arista ccs-720xp-48zc2
- canonical/arista 720xp-96zc2
- canonical/arista 7250qx-64
- canonical/arista 7260cx
- canonical/arista 7260cx3-64
- canonical/arista 7260cx3
- canonical/arista 7260qx
- canonical/arista 7280e
- canonical/arista 7280r series
- canonical/arista 7280r2
- canonical/arista 7280sr3-48yc8
- canonical/arista 7280sr3k-48yc8
- canonical/arista 7300x-32q
- canonical/arista 7300x series
- canonical/arista 7300x-64t
- canonical/arista 7300x3-32c
- canonical/arista 7300x3-48yc4
- canonical/arista 7304x3
- canonical/arista 7308x3
- canonical/arista 7320x-32c
- canonical/arista 7324x
- canonical/arista 7328x
- canonical/arista 7368x4
- canonical/arista dcs-7500e-6c2-lc
- canonical/arista 7500 series
- canonical/arista 7500r series
- canonical/arista 7500r series switch
- canonical/arista 7504r3
- canonical/arista 7508r3
- canonical/arista 7512r3
- canonical/arista 7800 series
- canonical/arista 7804r3
- canonical/arista 7808r3