CVE-2019-18948 : Security Advisory and Response
Discover the impact of CVE-2019-18948 on Arista EOS systems. Learn about the vulnerability in EOS VxLAN code allowing malicious actors to crash the VxlanSwFwd agent. Find mitigation steps and patching details here.
A problem has been discovered in the Arista EOS system where malformed ARP packets can disrupt the software forwarding of VxLAN packets, potentially leading to a crash of the VxlanSwFwd agent.
Understanding CVE-2019-18948
What is CVE-2019-18948?
This CVE identifies a vulnerability in Arista's EOS VxLAN code that allows malicious actors to crash the VxlanSwFwd agent by sending malformed ARP packets.
The Impact of CVE-2019-18948
This vulnerability affects various EOS releases in the 4.21.x, 4.22.x, 4.23.x, and earlier code trains.
Technical Details of CVE-2019-18948
Vulnerability Description
- Malformed ARP packets can disrupt VxLAN packet forwarding in Arista EOS, potentially leading to a crash of the VxlanSwFwd agent.
Affected Systems and Versions
- EOS 4.21.8M and earlier releases in the 4.21.x train
- EOS 4.22.3M and earlier releases in the 4.22.x train
- EOS 4.23.1F and earlier releases in the 4.23.x train
- All releases in the 4.15, 4.16, 4.17, 4.18, 4.19, and 4.20 code train
Exploitation Mechanism
- Attackers can exploit this vulnerability by sending malformed ARP packets to disrupt VxLAN packet forwarding.
Mitigation and Prevention
Immediate Steps to Take
- Apply vendor patches and updates promptly to mitigate the vulnerability.
- Monitor network traffic for any signs of ARP packet anomalies.
Long-Term Security Practices
- Regularly update and patch network devices to prevent known vulnerabilities.
- Implement network segmentation to limit the impact of potential attacks.
- Conduct regular security audits and assessments to identify and address security gaps.
Patching and Updates
- Arista has released patches to address this vulnerability. Ensure all affected systems are updated with the latest patches.