Описание
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
Ссылки
- MitigationVendor Advisory
- MitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.26 (включая) до 4.26.4m (исключая)Версия от 4.27 (включая) до 4.27.1f (исключая)
Одновременно
Одно из
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:arista:ccs-710p-12:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-710p-16p:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-720xp-24y6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-720xp-24zy4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-720xp-48y6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-720xp-48zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-720xp-96zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-722xpm-48y4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:ccs-722xpm-48zy8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7010tx-48:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050cx3-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050cx3m-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050sx3-48c8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050sx3-48yc12:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050sx3-48yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050sx3-96yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dcs-7050tx3-48c8:-:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00184
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284
CWE-863
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
EPSS
Процентиль: 40%
0.00184
Низкий
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-284
CWE-863