PT-2020-14920 · Arista · Arista EOS

Published: 2020-10-07 · Updated: 2020-11-02 · CVE-2020-17355

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Arista EOS versions 4.21.12M and earlier, 4.22.x through 4.22.6M, 4.23.x through 4.23.4M, and 4.24.x through 4.24.1F

Description: The issue allows remote attackers to cause a denial of service by sending a crafted, malformed DHCP packet, which leads to an incorrect route being installed. This can result in a restart of agents, specifically the SandL3Unicast, Ira, Arp, or Snmp agents. Exposure is limited to devices configured with the "ipv6 dhcp relay install routes" option, where the malformed packet arrives on a routed port on which DHCP Relay is listening.

Recommendations: For Arista EOS versions 4.21.12M and earlier, update to version 4.21.12M or later. For Arista EOS versions 4.22.x through 4.22.6M, update to version 4.22.7M or later. For Arista EOS versions 4.23.x through 4.23.4M, update to version 4.23.5M or later. For Arista EOS versions 4.24.x through 4.24.1F, update to version 4.24.2F or later. As a temporary workaround, consider disabling the DHCP Relay feature on routed ports until a patch is available. Restrict use of the "ipv6 dhcp relay install routes" option to minimize the risk of exploitation.
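A check of an EOS version and running configuration against the affected ranges and exposure condition above, as an added example rather than Arista's or the advisory's own tooling. It assumes the EOS version format "major.minor.maintenance" plus an M/F suffix, assumes "no switchport" as the routed-port config line, and uses a constructed sample config.

```python
import re
from typing import Optional, Tuple

# Affected ranges and recommended releases exactly as stated in PT-2020-14920.
# Entry: (train, highest affected (major, minor, maint), release to update to).
# A train of None means "this version and everything earlier" (4.21.12M and earlier).
ADVISORY = [
    (None,    (4, 21, 12), "4.21.12M"),  # advisory names 4.21.12M as the target
    ((4, 22), (4, 22, 6),  "4.22.7M"),
    ((4, 23), (4, 23, 4),  "4.23.5M"),
    ((4, 24), (4, 24, 1),  "4.24.2F"),
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([A-Z]*)$")  # assumed EOS version format
EXPOSING_OPTION = "ipv6 dhcp relay install routes"         # option named in the advisory

# Constructed sample running-config, not taken from a real device.
CONSTRUCTED_CONFIG = """\
! constructed sample
interface Ethernet1
   no switchport
ipv6 dhcp relay install routes
"""

def parse_eos_version(text: str) -> Tuple[int, int, int]:
    """Parse '4.22.6M' into (4, 22, 6); the M/F suffix does not affect ordering."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an EOS version string: {text!r}")
    return tuple(int(x) for x in m.groups()[:3])

def fixed_release(version: str) -> Optional[str]:
    """Return the release the advisory says to update to, or None if not affected."""
    v = parse_eos_version(version)
    for train, last_affected, fix in ADVISORY:
        in_train = train is None or v[:2] == train
        if in_train and v <= last_affected:
            return fix
    return None

def exposing_config(running_config: str) -> bool:
    """True if the config enables the option the advisory names as the exposure condition."""
    for line in running_config.splitlines():
        line = line.strip()
        if line.startswith("!") or line.startswith("no "):
            continue  # comment or explicit negation
        if EXPOSING_OPTION in line:
            return True
    return False

def assess(version: str, running_config: str) -> str:
    """Combine version and config checks into a single triage verdict."""
    fix = fixed_release(version)
    if fix is None:
        return "not affected"
    if not exposing_config(running_config):
        return f"affected but not exposed; update to {fix}"
    return f"exposed; update to {fix} or disable DHCP Relay on routed ports"
```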


Related Identifiers: CVE-2020-17355

Affected Products: Arista EOS