CVE-2016-6894 - OpenCVE

Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arista	Dcs-7050q Dcs-7050q Eos Software Dcs-7050s Dcs-7050s Eos Software Dcs-7050t Dcs-7050t Eos Software

Configuration 1 [-]

AND

cpe:2.3:o:arista:dcs-7050t_eos_software:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:dcs-7050t:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arista:dcs-7050q_eos_software:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:dcs-7050q:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arista:dcs-7050s_eos_software:*:*:*:*:*:*:*:*

cpe:2.3:h:arista:dcs-7050s:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95267
https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-04T21:00:00

Updated: 2024-08-06T01:43:38.521Z

Reserved: 2016-08-19T00:00:00

Link: CVE-2016-6894

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-04T21:59:00.137

Modified: 2017-01-07T03:00:38.823

Link: CVE-2016-6894

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-17T00:00:00", "descriptions": [{"lang": "en", "value": "Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-05T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "95267", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95267"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6894", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95267"}, {"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25", "refsource": "CONFIRM", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:43:38.521Z"}, "title": "CVE Program Container", "references": [{"name": "95267", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95267"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6894", "datePublished": "2017-01-04T21:00:00", "dateReserved": "2016-08-19T00:00:00", "dateUpdated": "2024-08-06T01:43:38.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:dcs-7050t_eos_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAFB7AD4-267C-4D33-8941-E66D41F3E7F2", "versionEndIncluding": "4.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:dcs-7050t:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A7AE249-7B7D-44A9-9ACD-97BDD55574D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:dcs-7050q_eos_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "32B8D0F1-8761-4F7E-8528-C0ED4A8A8AB4", "versionEndIncluding": "4.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:dcs-7050q:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BF337B4-E1C4-4FF6-B6EB-7B8619804C87", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:dcs-7050s_eos_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "523C79AB-C3AA-4D38-9D7A-912EB814D7CD", "versionEndIncluding": "4.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:dcs-7050s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBDA1586-45F7-46EE-9DF6-44A60F4F5C84", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane."}, {"lang": "es", "value": "Arista EOS 4.15 en versiones anteriores a 4.15.8M, 4.16 en versiones anteriores a 4.16.7M y 4.17 en versiones anteriores a 4.17.0F en dispositivos de la serie DCS-7050 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) enviando paquetes manipulados al plano de control."}], "id": "CVE-2016-6894", "lastModified": "2017-01-07T03:00:38.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-04T21:59:00.137", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/95267"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1752-security-advisory-25"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}