Network devices with Arista EOS can forget encryption
Under certain conditions, network devices with Arista EOS send data in plain text that should actually be encrypted.
Due to a software error, encrypted data traffic can be affected on switches and similar devices running the Arista EOS network operating system. However, this only happens under certain conditions.
The security vulnerability
According to a warning message, the encryption of data traffic does not work reliably. However, according to the developers, this is only the case if Secure VXLAN is configured. If it is and users restart the Tunnelsec agent, packets are subsequently sent unencrypted via Secure VXLAN tunnels.
The vulnerability (CVE-2024-12378) is classified as "critical". Arista states that they have not received any reports of attacks from customers to date. Only the following products are said to be affected:
- 7280CR3MK-32P4
- 7280CR3MK-32P4S
- 7280CR3MK-32D4S
- 7280CR3MK-32D4A
In the warning message, the developers list indicators of compromise (IoC) that admins can use to recognize attacks that have already taken place. They also list a temporary solution if admins are unable to install the security update immediately.
These EOS versions are protected against the described attack:
- 4.33.0F
- 4.32.3M
- 4.31.7M
- 4.30.9M
- 4.29.10M
(des)
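
The model list, the Secure VXLAN condition and the fixed releases above can be turned into an inventory triage check. This is an added example, not code from Arista or from the article. The hostnames, the status labels and the version format are assumptions, as is the rule that a release at or above the listed one in the same train counts as fixed; release trains that are not listed are only flagged for a manual check against the advisory.

```python
import re

# From the article: affected models and the listed fixed release per train.
AFFECTED_MODELS = {"7280CR3MK-32P4", "7280CR3MK-32P4S",
                   "7280CR3MK-32D4S", "7280CR3MK-32D4A"}
FIXED_RELEASES = ["4.33.0F", "4.32.3M", "4.31.7M", "4.30.9M", "4.29.10M"]

# Assumed format: major.minor.patch[.subpatch] plus an optional letter suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?[A-Z]*$")

def parse_eos_version(text):
    """Return ((major, minor), (patch, subpatch)) for strings like '4.32.3M'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised EOS version: {text!r}")
    major, minor, patch, sub = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (patch, sub)

# Map each release train, e.g. (4, 32), to its listed fixed patch level.
FIXED_BY_TRAIN = dict(parse_eos_version(v) for v in FIXED_RELEASES)

def triage(model, version, secure_vxlan):
    """Classify one device. The status labels are hypothetical, not Arista's."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "model-not-listed"
    if not secure_vxlan:
        return "condition-not-met"   # issue needs Secure VXLAN configured
    train, patch = parse_eos_version(version)
    if train not in FIXED_BY_TRAIN:
        return "check-advisory"      # the article gives no data for this train
    return "fixed" if patch >= FIXED_BY_TRAIN[train] else "update"

def triage_inventory(rows):
    """rows: iterable of (hostname, model, version, secure_vxlan) tuples."""
    return {host: triage(model, ver, sv) for host, model, ver, sv in rows}

# Constructed sample inventory (hostnames and running versions are made up).
SAMPLE_INVENTORY = [
    ("dc1-leaf1", "7280CR3MK-32P4", "4.32.2F", True),
    ("dc1-leaf2", "7280CR3MK-32D4A", "4.29.10M", True),
    ("dc1-leaf3", "7280CR3MK-32P4S", "4.28.5M", True),
    ("dc1-leaf4", "7280CR3MK-32D4S", "4.30.1F", False),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```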