CVE-2021-28510

Name of the Vulnerable Software and Affected Versions Arista EOS (affected versions not specified)

Description The issue occurs when a Precision Time Protocol (PTP) packet with an invalid Type-Length-Value (TLV) is received, causing the PTP agent to restart. Repeated restarts of the service will make it unavailable. A remote attacker can exploit this to make the PTP service unavailable, resulting in the switch failing to provide PTP time synchronization services to downstream devices. This can lead to the degradation of time maintained by these devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.