CVE-2019-18948 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2019-18948

Analyzed

More Info Official Page

Source-cve@mitre.org

Published At-16 Apr, 2020 | 19:15

Updated At-21 Jul, 2021 | 11:39

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Arista Networks, Inc.

>>eos>>Versions from 4.21.0(inclusive) to 4.21.8m(inclusive)

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>Versions from 4.22.0(inclusive) to 4.22.3m(inclusive)

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>Versions from 4.23.0(inclusive) to 4.23.1f(inclusive)

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.15

cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.16

cpe:2.3:o:arista:eos:4.16:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.17

cpe:2.3:o:arista:eos:4.17:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.18

cpe:2.3:o:arista:eos:4.18:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.19

cpe:2.3:o:arista:eos:4.19:*:*:*:*:*:*:*

Arista Networks, Inc.

>>eos>>4.20

cpe:2.3:o:arista:eos:4.20:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47	cve@mitre.org	Patch Vendor Advisory