CVE-2020-15897

Name of the Vulnerable Software and Affected Versions Arista EOS versions 4.21.12M and earlier, 4.22.x through 4.22.6M, 4.23.x through 4.23.4M, and 4.24.x through 4.24.1F

Description The issue allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router. This vulnerability affects the routing process when malformed packets are received by IS-IS. The impact is dependent on the routing protocol mode configuration, potentially affecting the IS-IS protocol or all layer 3 protocols, leading to agent restarts and possible route churn. Arista has not received any reports of this issue being used maliciously.

Recommendations For Arista EOS versions 4.21.12M and earlier, update to version 4.21.12M or later. For Arista EOS versions 4.22.x through 4.22.6M, update to version 4.22.7M or later. For Arista EOS versions 4.23.x through 4.23.4M, update to version 4.23.5M or later. For Arista EOS versions 4.24.x through 4.24.1F, update to version 4.24.2F or later.