Vulnerabilities > CVE-2019-18948 - Unspecified vulnerability in Arista EOS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

arista

NVD

Published: 2020-04-16

Updated: 2021-07-21

Summary

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

Vulnerable Configurations

Part	Description	Count
OS	Arista Arista EOS 4.15 Arista EOS 4.16 Arista EOS 4.17 Arista EOS 4.18 Arista EOS 4.19 Arista EOS 4.20 Arista EOS 4.21.0 Arista EOS 4.21.0F Arista EOS 4.21.1F Arista EOS 4.21.2.4 Arista EOS 4.21.3 Arista EOS 4.21.3F Arista EOS 4.21.4.1F Arista EOS 4.21.8 Arista EOS 4.21.8M Arista EOS 4.22.0F Arista EOS 4.22.1F Arista EOS 4.22.3M Arista EOS 4.23.0F Arista EOS 4.23.1F	20

References

https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47