Vulnerability Description
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | Eos | >= 4.22.0f, <= 4.22.6m |
| Arista | 7280Cr2Ak-30 | - |
| Arista | 7280Cr2K-60 | - |
| Arista | 7280Cr3-32D4 | - |
| Arista | 7280Cr3-32P4 | - |
| Arista | 7280Cr3-96 | - |
| Arista | 7280Cr3K-32D4 | - |
| Arista | 7280Cr3K-32P4 | - |
| Arista | 7280Cr3K-96 | - |
| Arista | 7280Dr3-24 | - |
| Arista | 7280Dr3K-24 | - |
| Arista | 7280Pr3-24 | - |
| Arista | 7280Pr3K-24 | - |
| Arista | 7280Sr3-48Yc8 | - |
| Arista | 7280Sr3K-48Yc8 | - |
| Arista | 7500R3-24D | - |
| Arista | 7500R3-24P | - |
| Arista | 7500R3-36Cq | - |
| Arista | 7500R3K-36Cq | - |
| Arista | 7504R3 | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisories/11999-sExploitVendor Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/11999-sExploitVendor Advisory
FAQ
What is CVE-2020-24360?
CVE-2020-24360 is a vulnerability with a CVSS score of 7.4 (HIGH). An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista E...
How severe is CVE-2020-24360?
CVE-2020-24360 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24360?
Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7280Cr2Ak-30, Arista 7280Cr2K-60, Arista 7280Cr3-32D4, Arista 7280Cr3-32P4.