#VU109285 Race condition in Arista Extensible Operating System (EOS) - CVE-2019-14810
Published: May 17, 2025
Vulnerability identifier: #VU109285
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-14810
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks
Arista Networks
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the implementation of the Label Distribution Protocol (LDP) protocol. The LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding.
Remediation
Install updates from vendor's website.