CVE-2019-18948

Опубликовано: 16 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

Ссылки

https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47
Patch
Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Версия от 4.21.0 (включая) до 4.21.8m (включая)

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Версия от 4.22.0 (включая) до 4.22.3m (включая)

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Версия от 4.23.0 (включая) до 4.23.1f (включая)

cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*

cpe:2.3:o:arista:eos:4.16:*:*:*:*:*:*:*

cpe:2.3:o:arista:eos:4.17:*:*:*:*:*:*:*

cpe:2.3:o:arista:eos:4.18:*:*:*:*:*:*:*

cpe:2.3:o:arista:eos:4.19:*:*:*:*:*:*:*

cpe:2.3:o:arista:eos:4.20:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00457

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5vr9-8c6c-3m96

github

больше 3 лет назад

EPSS

Процентиль: 63%

0.00457

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo