CVE-2020-24360Improper Resource Shutdown or Release in EOS

CWE-404Improper Resource Shutdown or Release3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 72.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista EOS
Timeline
PublishedDec 28
Latest updateMay 24

Description

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

NVDarista/eos4.22.0f4.22.6m+2

🔴Vulnerability Details

2
GHSA
GHSA-c9g5-h8rc-q6m5: An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash,2022-05-24
CVEList
CVE-2020-24360: An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash,2020-12-28
CVE-2020-24360 — Improper Resource Shutdown or Release | cvebase