security-advisory-0054

This advisory documents the impact of a vulnerability in Arista's EOS, specifically the routing process when malformed packets are received by IS-IS. Systems that do not have IS-IS configured are not impacted by this vulnerability. The effect of the vulnerability is dependent on the routing protocol mode configuration. The IS-IS protocol (in Multi-Agent mode) or all layer 3 protocols (in Ribd, single routing agent mode) can be affected if the IS-IS Router receives a malformed link-state PDU. The effect will be agent restarts (Rib process or IS-IS process, depending on the routing protocol mode) that could trigger route churn, which may subsequently result in traffic loss or incorrect forwarding of traffic. This is an internally found vulnerability and Arista has not received any report of this issue being used in any malicious manner.