Arista Products SSH Session Multiplexing Vulnerability Allowing Unauthorized File-System Operations

Vulnerability

A vulnerability exists in multiple Arista products, including Danz Monitoring Fabric, Converged Cloud Fabric, CloudVision Appliance, and Multi-Cloud Director. When SSH session multiplexing is enabled on the client side, SSH sessions that are multiplexed onto the same channel can continue to perform file-system operations after the session has timed out. This issue arises from insufficient session expiration, allowing operations to be carried out even when a session is no longer active.

Impact

Exploitation of this vulnerability could lead to unauthorized file-system modifications through SSH sessions that remain active on a multiplexed channel, despite having exceeded the designated session timeout.

Remediation

Users are advised to upgrade to the latest versions of the respective products that address this vulnerability. For Danz Monitoring Fabric, versions 8.7.1, 8.6.2, 8.5.3, and 8.4.6 are recommended. Converged Cloud Fabric users should upgrade to version 6.2.5 or later. For CloudVision Appliance, version 7.1.0 or later is recommended, and Multi-Cloud Director users should upgrade to version 2.4.1 or later.
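To find which client machines meet the precondition described under Vulnerability (SSH session multiplexing enabled on the client side), the following added example, which is not part of the advisory or any Arista tooling, scans client configuration text for blocks that turn multiplexing on. It assumes the client is OpenSSH, where the `ControlMaster`, `ControlPath` and `ControlPersist` keywords in `ssh_config` govern multiplexing; the sample configuration and host names are constructed. It reports per block and does not resolve which block applies to a given host.

```python
import re

# ControlMaster values that make the OpenSSH client create or reuse a shared connection.
ENABLING = {"yes", "auto", "ask", "autoask"}

def parse_blocks(config_text):
    """Split ssh_config text into (selector, options) blocks; keywords are case-insensitive."""
    blocks = [("(global)", {})]  # options that appear before the first Host/Match line
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"([A-Za-z]+)\s*(?:=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((f"{m.group(1)} {value}", {}))
        else:
            # Within a block the first value obtained for a keyword is the one used.
            blocks[-1][1].setdefault(key, value)
    return blocks

def multiplexing_findings(config_text):
    """Return the blocks that enable multiplexing, with their ControlPersist setting."""
    findings = []
    for selector, opts in parse_blocks(config_text):
        if opts.get("controlmaster", "no").lower() in ENABLING:
            findings.append({
                "block": selector,
                "controlmaster": opts["controlmaster"],
                "controlpersist": opts.get("controlpersist"),  # None = not set in this block
            })
    return findings

# Constructed sample client configuration; host names are placeholders.
SAMPLE = """\
Host dmf-controller.example
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 4h

Host cvp.example
    ControlMaster=no
"""

if __name__ == "__main__":
    for finding in multiplexing_findings(SAMPLE):
        print(finding)
```

A block reported with a long `ControlPersist` value keeps its shared connection open in the background after the initial client exits, which is the situation where a multiplexed connection can outlive the session timeout described above.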

Added: Oct 29, 2025, 11:30 PM
Updated: Oct 29, 2025, 11:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.