For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
CVE-2021-28510

5.3MEDIUM

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 26 January 2023

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2021-28510?

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.

Affected Version(s)

EOS 4.22

EOS 4.27.1 <= 4.27.0

EOS 4.26.4 <= 4.26.0

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Mar 16, 2021