CVE-2019-18948: Improper Input Validation in EOS

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 36.06%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 16
Latest update: May 24

Description

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in the 4.15, 4.16, 4.17, 4.18, 4.19, and 4.20 code trains.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD | arista/eos | 4.21.0 | 4.21.8m | +8

Patches

Vulnerability Details (2)

GHSA: GHSA-5vr9-8c6c-3m96: An issue was found in Arista EOS (2022-05-24)
CVEList: CVE-2019-18948: An issue was found in Arista EOS (2020-04-16)