CVE-2020-15898

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-15898
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx3-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7308x3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*
History

04 Jan 2021, 20:30

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : 5.0
v3 : 5.3
CPE cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7308x3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx3-64:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*
References (CONFIRM) https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 - (CONFIRM) https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 - Exploit, Vendor Advisory

28 Dec 2020, 19:21

Type Values Removed Values Added
New CVE
Information

Published : 2020-12-28 19:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-15898

Mitre link : CVE-2020-15898

CVE.ORG link : CVE-2020-15898

JSON object : View

Products Affected

arista

  • 7170-32c
  • 7050sx-64
  • 7050sx2-128
  • 7060dx4-32
  • 7260cx
  • 7308x3
  • 7050sx3-48yc12
  • 7324x
  • 7050qx2-32s
  • 7050sx3-48yc8
  • 7050cx3-32s
  • 7050tx3-48c8
  • 720xp-24zy4
  • 7300x-32q
  • 7300x3-48yc4
  • 7050sx2-72q
  • 7050tx-64
  • 7260cx3-64
  • 7050tx-72q
  • 7050sx-128
  • 7050sx3-96yc8
  • 7060sx2-48yc6
  • 7050qx-32s
  • 7300x3-32c
  • 7050tx2-128
  • 7250qx-64
  • eos
  • 7300x-64t
  • 7060px4-32
  • 7050cx3m-32s
  • 7060cx2-32s
  • 7304x3
  • 7050sx3-48yc
  • 720xp-48zc2
  • 7300x-64s
  • 7368x4
  • 7050sx3-48c8
  • 720xp-96zc2
  • 7260qx
  • 7050sx-72q
  • 7050tx-48
  • 7170-32cd
  • 720xp-24y6
  • 7170-64c
  • 7060cx-32s
  • 7260cx3
  • 7320x-32c
  • 720xp-48y6
  • 7328x
CWE
NVD-CWE-noinfo