CVE-2020-15898

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

CVSS v3.0 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:7260cx3-64:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7300x-32q:-:::::::*
	cpe:2.3:h:arista:7300x-64s:-:::::::*
	cpe:2.3:h:arista:7300x-64t:-:::::::*
	cpe:2.3:h:arista:7308x3:-:::::::*
	cpe:2.3:h:arista:7304x3:-:::::::*
	cpe:2.3:h:arista:7300x3-32c:-:::::::*
	cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
	cpe:2.3:h:arista:7328x:-:::::::*
	cpe:2.3:h:arista:7324x:-:::::::*
	cpe:2.3:h:arista:7320x-32c:-:::::::*
	cpe:2.3:h:arista:7368x4:-:::::::*
	cpe:2.3:h:arista:7260qx:-:::::::*

Information

Published : 2020-12-28 11:15

Updated : 2021-01-04 12:30

NVD link : CVE-2020-15898

Mitre link : CVE-2020-15898

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

arista

7060cx-32s
7050qx-32s
7050cx3-32s
7050sx3-48yc8
7050sx-72q
7060dx4-32
7304x3
7260cx
720xp-48zc2
7050sx2-128
7050sx2-72q
7060sx2-48yc6
7170-64c
720xp-96zc2
720xp-24zy4
7050cx3m-32s
720xp-24y6
7050sx3-48c8
7050sx3-96yc8
7050tx-72q
7260cx3
720xp-48y6
7328x
7050sx3-48yc12
7300x3-32c
7060px4-32
7300x-32q
7050qx2-32s
7050tx2-128
7170-32c
7050tx-64
7300x-64t
7050tx3-48c8
7368x4
7260qx
7050sx-128
7308x3
7324x
7300x-64s
7050sx-64
7170-32cd
7320x-32c
7060cx2-32s
eos
7260cx3-64
7050tx-48
7250qx-64
7300x3-48yc4
7050sx3-48yc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56", "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56", "tags": ["Exploit", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-15898", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2020-12-28T19:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.21.4.1f", "versionStartIncluding": "4.21.0f"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.21.11m", "versionStartIncluding": "4.21.0f"}, {"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.22.6m", "versionStartIncluding": "4.22.0f"}, {"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.23.4m", "versionStartIncluding": "4.23.0f"}, {"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.24.2.1f", "versionStartIncluding": "4.24.0f"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7260cx3-64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7308x3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-01-04T20:30Z"}

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2020-15898

5.3^/10

5.0^/10

Attach tags to `CVE-2020-15898`