CVE-2019-18948

Published: Apr 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

Affected (9)

Products: Arista: Eos

Arista

1 product

Eos

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Arista Eos	From 4.21.0 to 4.21.8m
Arista Eos	From 4.22.0 to 4.22.3m
Arista Eos	From 4.23.0 to 4.23.1f
Arista Eos	Version 4.15
Arista Eos	Version 4.16
Arista Eos	Version 4.17
Arista Eos	Version 4.18
Arista Eos	Version 4.19
Arista Eos	Version 4.20

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47

Source: cve@mitre.org

PatchVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.