Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15898

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

Published

2020-12-28T19:15:12.783

Last Modified

2024-11-21T05:06:24.367

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arista	eos	≤ 4.21.4.1f	Yes
Hardware	arista	7170-32c	-	No
Hardware	arista	7170-32cd	-	No
Hardware	arista	7170-64c	-	No
Operating System	arista	eos	≤ 4.21.11m	Yes
Operating System	arista	eos	≤ 4.22.6m	Yes
Operating System	arista	eos	≤ 4.23.4m	Yes
Operating System	arista	eos	≤ 4.24.2.1f	Yes
Hardware	arista	7050cx3-32s	-	No
Hardware	arista	7050cx3m-32s	-	No
Hardware	arista	7050qx-32s	-	No
Hardware	arista	7050qx2-32s	-	No
Hardware	arista	7050sx-128	-	No
Hardware	arista	7050sx-64	-	No
Hardware	arista	7050sx-72q	-	No
Hardware	arista	7050sx2-128	-	No
Hardware	arista	7050sx2-72q	-	No
Hardware	arista	7050sx3-48c8	-	No
Hardware	arista	7050sx3-48yc	-	No
Hardware	arista	7050sx3-48yc12	-	No
Hardware	arista	7050sx3-48yc8	-	No
Hardware	arista	7050sx3-96yc8	-	No
Hardware	arista	7050tx-48	-	No
Hardware	arista	7050tx-64	-	No
Hardware	arista	7050tx-72q	-	No
Hardware	arista	7050tx2-128	-	No
Hardware	arista	7050tx3-48c8	-	No
Hardware	arista	7060cx-32s	-	No
Hardware	arista	7060cx2-32s	-	No
Hardware	arista	7060dx4-32	-	No
Hardware	arista	7060px4-32	-	No
Hardware	arista	7060sx2-48yc6	-	No
Hardware	arista	720xp-24y6	-	No
Hardware	arista	720xp-24zy4	-	No
Hardware	arista	720xp-48y6	-	No
Hardware	arista	720xp-48zc2	-	No
Hardware	arista	720xp-96zc2	-	No
Hardware	arista	7250qx-64	-	No
Hardware	arista	7260cx	-	No
Hardware	arista	7260cx3	-	No
Hardware	arista	7260cx3-64	-	No
Hardware	arista	7260qx	-	No
Hardware	arista	7300x-32q	-	No
Hardware	arista	7300x-64s	-	No
Hardware	arista	7300x-64t	-	No
Hardware	arista	7300x3-32c	-	No
Hardware	arista	7300x3-48yc4	-	No
Hardware	arista	7304x3	-	No
Hardware	arista	7308x3	-	No
Hardware	arista	7320x-32c	-	No
Hardware	arista	7324x	-	No
Hardware	arista	7328x	-	No
Hardware	arista	7368x4	-	No

References

https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 Exploit, Vendor Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)