Known Vulnerabilities in ARP Implementations
The Address Resolution Protocol (ARP), while fundamental to network communication, has several known vulnerabilities that can be exploited by malicious actors. Below are some notable vulnerabilities associated with various products and platforms:
CVE-2023-31190: The Dronescout DS230 remote ID receiver by Bluemark Innovations has an improper authentication vulnerability during the firmware update process. The firmware update procedure does not validate the TLS certificate of the endpoint from which the firmware is downloaded. An attacker can execute a man-in-the-middle attack, tricking the device into installing a malicious firmware update and gaining root privileges on the underlying Linux operating system. This affects firmware versions from 20211210-1627 through 20230329-1042.
CVE-2023-44181: In Juniper Networks’ Junos OS QFX5K devices, a security check flaw in storm control allows packets to be punted to the ARP queue, potentially creating Layer 2 loops and resulting in denial-of-service (DoS) conditions when storm control is enabled and ICMPv6 packets are present. Affected versions include all prior to 20.2r3-s6 and various versions in the 20.3, 20.4, 21.1, 21.2, 21.3, and 21.4 series.
CVE-2022-22191: A DoS vulnerability in Juniper Networks Junos OS running on the EX4300 switch allows network-adjacent attackers to send specific ARP traffic that may cause a watchdog timeout, crashing the packet forwarding engine (PFE). Affected releases are those prior to the fixed updates in various release series, including 15.1r7-s12.
CVE-2022-26078: The Gallagher Controller 6000 is susceptible to a DoS attack through conflicting ARP packets that share duplicate IP addresses. Affected versions include VCR8.60, VCR8.50, VCR8.40, and VCR8.30 prior to certain updates.
CVE-2021-1377: In Cisco IOS and Cisco IOS XE software, a vulnerability allows an unauthenticated remote attacker to prevent devices from resolving ARP entries for legitimate hosts. The vulnerability arises from mismanagement of ARP entries, leading to potential DoS conditions.
CVE-2021-25666: Vulnerabilities in Siemens Scalance W780 and W740 devices can lead to a partial denial-of-service when specially crafted ARP packets are sent, affecting device stability.
CVE-2021-42536: The TP-Link TL-WR740N has a problematic ARP handler function that can lead to resource consumption issues. An attacker on the local network can exploit this vulnerability, which is publicly known.
CVE-2021-0216: In Juniper Networks’ Junos OS on ACX5448 and ACX710 platforms, a high rate of ARP packets can cause BFD sessions to flap, impacting routing protocols and possibly resulting in a DoS condition.
CVE-2021-0292: An uncontrolled resource consumption vulnerability in Junos OS Evolved allows malicious attackers on the local network to exhaust memory, ultimately causing a DoS condition.
CVE-2022-4296: A vulnerability in TP-Link routers can be exploited via local network manipulation of ARP handlers, potentially leading to service performance degradation.
These vulnerabilities highlight the critical need for ongoing vigilance in network device security, timely updates to firmware and software, and the implementation of robust security practices to mitigate the risks associated with ARP vulnerabilities.