PT-2020-13333 · Arista · Arista Cloudvision Exchange (Cvx) Server

Published

2020-10-26

Updated

2020-11-02

CVE-2020-13100

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Arista CloudVision eXchange (CVX) server versions prior to 4.21.12M Arista CloudVision eXchange (CVX) server versions 4.22.x prior to 4.22.7M Arista CloudVision eXchange (CVX) server versions 4.23.x prior to 4.23.5M Arista CloudVision eXchange (CVX) server versions 4.24.x prior to 4.24.2F

Description The issue allows remote attackers to cause a denial of service, resulting in the crash and restart of the ControllerOob agent, via a malformed control-plane packet.

Recommendations For versions prior to 4.21.12M, update to version 4.21.12M or later. For versions 4.22.x prior to 4.22.7M, update to version 4.22.7M or later. For versions 4.23.x prior to 4.23.5M, update to version 4.23.5M or later. For versions 4.24.x prior to 4.24.2F, update to version 4.24.2F or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-13100

Affected Products

Arista Cloudvision Exchange (Cvx) Server

PT-2020-13333 · Arista · Arista Cloudvision Exchange (Cvx) Server

CVE-2020-13100

Related Identifiers

Affected Products

References · 3