PT-2018-16843 · Arista · Arista EOS

Published: 2018-03-01 · Updated: 2019-10-03 · CVE-2018-5255

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Arista EOS versions 4.19 through 4.19.4M
Arista EOS versions 4.20 through 4.20.2F

Description

The issue allows remote attackers to cause a denial of service, specifically an agent restart, by sending crafted UDP packets to the switch's IP address on a specific UDP port. These malformed UDP packets are not typically expected in production environments and would need to be crafted and sent by a malicious user.

Recommendations

For Arista EOS versions 4.19 through 4.19.4M, update to version 4.19.4M or later. For Arista EOS versions 4.20 through 4.20.2F, update to version 4.20.2F or later. As a temporary workaround, consider restricting access to the specific UDP port used by the Mlag agent to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2018-5255

Affected Products

Arista EOS