PT-2020-15706 · Arista · Arista EOS
Published: 2020-12-16 · Updated: 2021-01-05 · CVE-2020-24360
CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Arista EOS 4.24.2.4F and earlier releases in the 4.24.x train
Arista EOS 4.23.4M and earlier releases in the 4.23.x train
Arista EOS 4.22.6M and earlier releases in the 4.22.x train
Description
A flaw in how Arista EOS handles ARP packets can cause a kernel crash followed by a device reload. It affects the 7800R3, 7500R3, and 7280R3 series of products. The issue was found internally, and there are no reports of it being used maliciously.
Recommendations
For 4.24.2.4F and earlier releases in the 4.24.x train, update to a release later than 4.24.2.4F to resolve the issue.
For 4.23.4M and earlier releases in the 4.23.x train, update to a release later than 4.23.4M to resolve the issue.
For 4.22.6M and earlier releases in the 4.22.x train, update to a release later than 4.22.6M to resolve the issue.
As a temporary workaround, consider disabling the handling of ARP packets until a patch is available.
Improper Resource Release
Weakness Enumeration
Related Identifiers
Affected Products
Arista EOS