CVE-2020-26569 — MEDIUM (5.9)

Q: How severe is CVE-2020-26569?

CVE-2020-26569 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-26569?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7010T-48, Arista 7050Cx3-32S, Arista 7050Cx3M-32S, Arista 7050Qx-32S.

Vulnerability Description

In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Arista	Eos	>= 4.21.0f, <= 4.21.12m
Arista	7010T-48	-
Arista	7050Cx3-32S	-
Arista	7050Cx3M-32S	-
Arista	7050Qx-32S	-
Arista	7050Qx2-32S	-
Arista	7050Sx-128	-
Arista	7050Sx-64	-
Arista	7050Sx-72Q	-
Arista	7050Sx2-128	-
Arista	7050Sx2-72Q	-
Arista	7050Sx3-48C8	-
Arista	7050Sx3-48Yc	-
Arista	7050Sx3-48Yc12	-
Arista	7050Sx3-48Yc8	-
Arista	7050Sx3-96Yc8	-
Arista	7050Tx-48	-
Arista	7050Tx-64	-
Arista	7050Tx-72Q	-
Arista	7050Tx2-128	-

References

https://www.arista.com/en/support/advisories-notices/security-advisories/11997-sExploitVendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11997-sExploitVendor Advisory

FAQ

What is CVE-2020-26569?

CVE-2020-26569 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in ...

How severe is CVE-2020-26569?

CVE-2020-26569 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-26569?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7010T-48, Arista 7050Cx3-32S, Arista 7050Cx3M-32S, Arista 7050Qx-32S.