CVE-2020-15898

Published: Dec 28, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

Affected (5)

Products: Arista: Eos

Arista

1 product

Eos

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Arista Eos	From 4.21.0f to 4.21.4.1f

Running on/with	Platform Versions
Arista 7170 32c	All versions
Arista 7170 32cd	All versions
Arista 7170 64c	All versions

Configuration B

4 vulnerable · 45 platform

Vulnerable Software	Affected Versions
Arista Eos	From 4.21.0f to 4.21.11m
Arista Eos	From 4.22.0f to 4.22.6m
Arista Eos	From 4.23.0f to 4.23.4m
Arista Eos	From 4.24.0f to 4.24.2.1f

Running on/with	Platform Versions
Arista 7050cx3 32s	All versions
Arista 7050cx3m 32s	All versions
Arista 7050qx 32s	All versions
Arista 7050qx2 32s	All versions
Arista 7050sx 128	All versions
Arista 7050sx 64	All versions
Arista 7050sx 72q	All versions
Arista 7050sx2 128	All versions
Arista 7050sx2 72q	All versions
Arista 7050sx3 48c8	All versions
Arista 7050sx3 48yc	All versions
Arista 7050sx3 48yc12	All versions
Arista 7050sx3 48yc8	All versions
Arista 7050sx3 96yc8	All versions
Arista 7050tx 48	All versions
Arista 7050tx 64	All versions
Arista 7050tx 72q	All versions
Arista 7050tx2 128	All versions
Arista 7050tx3 48c8	All versions
Arista 7060cx 32s	All versions
Arista 7060cx2 32s	All versions
Arista 7060dx4 32	All versions
Arista 7060px4 32	All versions
Arista 7060sx2 48yc6	All versions
Arista 720xp 24y6	All versions
Arista 720xp 24zy4	All versions
Arista 720xp 48y6	All versions
Arista 720xp 48zc2	All versions
Arista 720xp 96zc2	All versions
Arista 7250qx 64	All versions
Arista 7260cx	All versions
Arista 7260cx3	All versions
Arista 7260cx3 64	All versions
Arista 7260qx	All versions
Arista 7300x 32q	All versions
Arista 7300x 64s	All versions
Arista 7300x 64t	All versions
Arista 7300x3 32c	All versions
Arista 7300x3 48yc4	All versions
Arista 7304x3	All versions
Arista 7308x3	All versions
Arista 7320x 32c	All versions
Arista 7324x	All versions
Arista 7328x	All versions
Arista 7368x4	All versions

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56

Source: cve@mitre.org

ExploitVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.