CVE-2019-14810 : What You Need to Know

A vulnerability in the Label Distribution Protocol (LDP) implementation in EOS could lead to a Denial of Service (DoS) attack and disrupt traffic forwarding.

Understanding CVE-2019-14810

What is CVE-2019-14810?

The flaw in the LDP implementation in EOS allows a malicious peer to establish an LDP session, potentially resulting in a DoS attack on route updates and causing disruptive Out of Memory (OOM) conditions.

The Impact of CVE-2019-14810

The vulnerability could lead to a Denial of Service (DoS) attack on route updates, potentially causing an Out of Memory (OOM) condition that disrupts traffic forwarding.

Technical Details of CVE-2019-14810

Vulnerability Description

Under certain circumstances, the LDP agent in EOS can establish an LDP session with a malicious peer, opening the door to DoS attacks and OOM conditions.

Affected Systems and Versions

EOS 4.22 release train: versions 4.22.1F and earlier
EOS 4.21 release train: versions 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M
EOS 4.20 release train: versions 4.20.14M and earlier
EOS 4.19 release train: versions 4.19.12M and earlier
End of support release trains (4.18 and 4.17) are also impacted.

Exploitation Mechanism

The vulnerability arises from the LDP agent's ability to establish sessions with malicious peers, enabling potential DoS attacks and OOM conditions.

Mitigation and Prevention

Immediate Steps to Take

Apply vendor-supplied patches promptly.
Monitor network traffic for signs of exploitation.
Implement network segmentation to limit the impact of potential attacks.

Long-Term Security Practices

Regularly update and patch EOS systems.
Conduct security assessments and audits to identify vulnerabilities.
Educate network administrators on best practices for securing network protocols.

Patching and Updates

Arista has released patches to address the vulnerability.
Ensure all affected systems are updated to the latest patched versions.