CVE-2020-15898 — MEDIUM (5.3)

Q: How severe is CVE-2020-15898?

CVE-2020-15898 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15898?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7170-32C, Arista 7170-32Cd, Arista 7170-64C, Arista 7050Cx3-32S.

Vulnerability Description

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Arista	Eos	>= 4.21.0f, <= 4.21.4.1f
Arista	7170-32C	-
Arista	7170-32Cd	-
Arista	7170-64C	-
Arista	7050Cx3-32S	-
Arista	7050Cx3M-32S	-
Arista	7050Qx-32S	-
Arista	7050Qx2-32S	-
Arista	7050Sx-128	-
Arista	7050Sx-64	-
Arista	7050Sx-72Q	-
Arista	7050Sx2-128	-
Arista	7050Sx2-72Q	-
Arista	7050Sx3-48C8	-
Arista	7050Sx3-48Yc	-
Arista	7050Sx3-48Yc12	-
Arista	7050Sx3-48Yc8	-
Arista	7050Sx3-96Yc8	-
Arista	7050Tx-48	-
Arista	7050Tx-64	-

References

https://www.arista.com/en/support/advisories-notices/security-advisories/11996-sExploitVendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11996-sExploitVendor Advisory

FAQ

What is CVE-2020-15898?

CVE-2020-15898 is a vulnerability with a CVSS score of 5.3 (MEDIUM). In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not...

How severe is CVE-2020-15898?

CVE-2020-15898 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15898?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7170-32C, Arista 7170-32Cd, Arista 7170-64C, Arista 7050Cx3-32S.