[nsp-sec] Arista EOS Remote Privilege Escalation Vulnerability
John Fraizer
john at op-sec.us
Thu Nov 5 19:33:20 EST 2015
Summary:
Arista EOS Remote Privilege Escalation Vulnerability
This advisory is to document a security vulnerability identified by Arista
Networks that affects EOS. Affected EOS releases are listed in Table 1
below. This issue is a privilege escalation vulnerability that could
allow a remote attacker with IP connectivity to the control plane of the
switch to run arbitrary code as a privileged user. This includes getting
root level access to the bash shell on the switch. It is not required for
the attacker to have credentials for a user account on the switch. All
methods of control plane access are exposed.
NOTE: This vulnerability was identified internally by Arista Networks and
there have been no external reports of an exploit, as of the date of this
notice.
Older release trains
4.15.0F
  ● 4.15.0FX
  ● 4.15.0FXA
  ● 4.15.0FX1
4.15.1F
  ● 4.15.1FXB
  ● 4.15.1FX7060X
  ● 4.15.1FX7260QX
4.15.2F

4.14.0F 4.14.1F 4.14.2F 4.14.3F 4.14.3.1F 4.14.4F 4.14.4.1F 4.14.4.2F
4.14.5F
  ● 4.14.5FX
  ● 4.14.5FX.1
  ● 4.14.5FX.2
  ● 4.14.5FX.3
  ● 4.14.5FX.4
  ● 4.14.5.1FSSU
4.14.6M 4.14.7M 4.14.7.1M 4.14.8M 4.14.8.1M 4.14.9M

4.13.1.1F 4.13.2.1F 4.13.3.1F 4.13.4.1F 4.13.5F 4.13.5.1F 4.13.6F 4.13.7M
4.13.7.2M 4.13.7.3M 4.13.8M 4.13.9M 4.13.9.1M 4.13.10M 4.13.11M 4.13.12M
4.13.13M

4.12.5.2 4.12.6.1 4.12.7.1 4.12.8 4.12.8.1 4.12.9 4.12.10

All releases in 4.11
All releases in 4.10
All releases in 4.9
All releases in 4.8
All releases in 4.7
All releases in 4.6
All releases in 4.5
All release trains older than 4.5

Table 1: Affected EOS releases

--
John Fraizer
LinkedIn profile: http://www.linkedin.com/in/johnfraizer/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SecurityAdvisory0015.pdf
Type: application/pdf
Size: 184212 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20151105/d863e6e9/attachment.pdf>