CVE-2019-14810

{"id": "CVE-2019-14810", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-10-10T19:15:10.950", "references": [{"url": "https://www.arista.com/en/support/advisories-notices", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/8321-security-advisory-42", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)"}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en la implementaci\u00f3n del protocolo Label Distribution Protocol (LDP) en EOS. En condiciones de carrera, el agente de LDP puede establecer una sesi\u00f3n de LDP con un peer malicioso, permitiendo potencialmente la posibilidad de un ataque de Denegaci\u00f3n de Servicio (DoS) sobre las actualizaciones de ruta y, a su vez, conllevando potencialmente a una condici\u00f3n Out of Memory (OOM) que es perjudicial para el reenv\u00edo de tr\u00e1fico. Las versiones EOS afectadas incluyen: tren de publicaciones de 4.22: 4.22.1F y versiones anteriores; tren de publicaciones de 4.21: 4.21.0F hasta 4.21.2.3F, 4.21.3F hasta 4.21.7.1M; tren de publicaciones de 4.20: 4.20.14M y versiones anteriores; tren de publicaciones de 4.19: 4.19.12M y versiones anteriores; trenes de publicaciones de fin de soporte (4.18 y 4.17)"}], "lastModified": "2019-10-21T13:31:04.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF0622F4-B19E-4D53-A0AF-481F0D65AA87", "versionEndIncluding": "4.19.12m", "versionStartIncluding": "4.19"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1A9BBA3-708A-4F20-A9C1-54B1368D1BA8", "versionEndIncluding": "4.20.14m", "versionStartIncluding": "4.20"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F31FBFC-C81E-4BC1-AC4E-FBD0F0CD00B8", "versionEndIncluding": "4.21.2.3f", "versionStartIncluding": "4.21.0f"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F87620-E066-4250-9745-A8B842612AFE", "versionEndIncluding": "4.21.7", "versionStartIncluding": "4.21.3f"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:4.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB48708-D409-4379-9F2C-170F3A1B53BC"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:4.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C0823B5-1F76-4712-A17A-C43DCAA189DE"}, {"criteria": "cpe:2.3:o:arista:extensible_operating_system:4.22.1f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A96FAAFE-DB6E-40CA-A0FF-C9C76C8DF1C6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arista:7020r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3371EEF-9D7A-4EF6-A435-A0F1034E5EE7"}, {"criteria": "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5"}, {"criteria": "cpe:2.3:h:arista:7280r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C02B50F5-B316-4081-BC9E-6F1778049096"}, {"criteria": "cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21CB1AAF-FC82-4A80-9932-42E8EFA3906A"}, {"criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914"}, {"criteria": "cpe:2.3:h:arista:7500e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06C61DCC-D1CF-4CE5-9634-4BE3E071E83E"}, {"criteria": "cpe:2.3:h:arista:7500r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC651584-113E-4859-9F14-12D62F3BD626"}, {"criteria": "cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "583725F6-8583-425C-A847-700DBB9169E7"}, {"criteria": "cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C6A4B3C-FF12-4DCD-9945-8450AD0BDEED"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}