Vulnerability Description
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | Eos | < 4.23.10 |
| Arista | 7020R | - |
| Arista | 7050Cx3-32S | - |
| Arista | 7050Cx3M-32S | - |
| Arista | 7050Qx-32S | - |
| Arista | 7050Qx2-32S | - |
| Arista | 7050Sx-128 | - |
| Arista | 7050Sx-64 | - |
| Arista | 7050Sx-72Q | - |
| Arista | 7050Sx2-128 | - |
| Arista | 7050Sx2-72Q | - |
| Arista | 7050Sx3-48C8 | - |
| Arista | 7050Sx3-48Yc | - |
| Arista | 7050Sx3-48Yc12 | - |
| Arista | 7050Sx3-48Yc8 | - |
| Arista | 7050Sx3-96Yc8 | - |
| Arista | 7050Tx-48 | - |
| Arista | 7050Tx-64 | - |
| Arista | 7050Tx-72Q | - |
| Arista | 7050Tx2-128 | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisory/15439-secExploitMitigationVendor Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisory/15439-secExploitMitigationVendor Advisory
FAQ
What is CVE-2021-28510?
CVE-2021-28510 is a vulnerability with a CVSS score of 5.3 (MEDIUM). For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of ...
How severe is CVE-2021-28510?
CVE-2021-28510 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28510?
Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7020R, Arista 7050Cx3-32S, Arista 7050Cx3M-32S, Arista 7050Qx-32S.