CVE-2019-18948

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Aristas EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
aristaeos
4.21.0 ≤
𝑥
≤ 4.21.8m
aristaeos
4.22.0 ≤
𝑥
≤ 4.22.3m
aristaeos
4.23.0 ≤
𝑥
≤ 4.23.1f
aristaeos
4.15
aristaeos
4.16
aristaeos
4.17
aristaeos
4.18
aristaeos
4.19
aristaeos
4.20
𝑥
= Vulnerable software versions
References
https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47
https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47