CVE Vulnerabilities

CVE-2019-18948

Published: Apr 16, 2020 | Modified: Jul 21, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

Affected Software

Name Vendor Start Version End Version
Eos Arista 4.21.0 (including) 4.21.8m (including)
Eos Arista 4.22.0 (including) 4.22.3m (including)
Eos Arista 4.23.0 (including) 4.23.1f (including)
Eos Arista 4.15 (including) 4.15 (including)
Eos Arista 4.16 (including) 4.16 (including)
Eos Arista 4.17 (including) 4.17 (including)
Eos Arista 4.18 (including) 4.18 (including)
Eos Arista 4.19 (including) 4.19 (including)
Eos Arista 4.20 (including) 4.20 (including)

References