PT-2020-14696 · Arista · Arista EOS X-Series

Published: 2020-12-16 · Updated: 2021-01-04 · CVE-2020-15898

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Arista EOS versions 4.21.4.1F and earlier releases in the 4.21.x train
Arista EOS X-Series versions 4.21.11M and earlier releases in the 4.21.x train
Arista EOS versions 4.22.6M and earlier releases in the 4.22.x train
Arista EOS versions 4.23.4M and earlier releases in the 4.23.x train
Arista EOS versions 4.24.2.1F and earlier releases in the 4.24.x train

Description

The issue allows malformed packets to be incorrectly forwarded across VLAN boundaries in one direction. It is therefore susceptible to exploitation by unidirectional traffic such as UDP, but not by bidirectional traffic such as TCP.

Recommendations

For Arista EOS versions 4.21.4.1F and earlier releases in the 4.21.x train, update to a version above 4.21.4.1F.
For Arista EOS X-Series versions 4.21.11M and earlier releases in the 4.21.x train, update to a version above 4.21.11M.
For Arista EOS versions 4.22.6M and earlier releases in the 4.22.x train, update to a version above 4.22.6M.
For Arista EOS versions 4.23.4M and earlier releases in the 4.23.x train, update to a version above 4.23.4M.
For Arista EOS versions 4.24.2.1F and earlier releases in the 4.24.x train, update to a version above 4.24.2.1F.


Related Identifiers

CVE-2020-15898

Affected Products

Arista EOS
Arista EOS X-Series