First published: Mon Dec 28 2020(Updated: )
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.22.0f<=4.22.6m | |
Arista EOS | >=4.23.0f<=4.23.4m | |
Arista EOS | >=4.24.0f<=4.24.2.4f | |
Arista 7280cr2ak-30 | ||
Arista 7280cr2k-60 | ||
Arista 7280cr3-32d4 | ||
Arista 7280cr3-32p4 | ||
Arista 7280cr3-96 | ||
Arista 7280cr3k-32d4 | ||
Arista 7280cr3k-32p4 | ||
Arista 7280cr3k-96 | ||
Arista 7280dr3-24 | ||
Arista 7280dr3k-24 | ||
Arista 7280pr3-24 | ||
Arista 7280pr3k-24 | ||
Arista 7280sr3-48yc8 | ||
Arista 7280sr3k-48yc8 | ||
Arista 7500r3-24d | ||
Arista 7500r3-24p | ||
Arista 7500r3-36cq | ||
Arista 7500r3k-36cq | ||
Arista 7504r3 | ||
Arista 7508r3 | ||
Arista 7512r3 | ||
Arista 7800r3-36p | ||
Arista 7800r3-48cq | ||
Arista 7800r3k-48cq | ||
Arista 7804r3 | ||
Arista 7808r3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-24360.
The 7800R3, 7500R3, and 7280R3 series of products are affected.
CVE-2020-24360 has a severity rating of 7.4 (high).
This vulnerability can be exploited by sending malicious ARP packets, leading to a kernel crash and device reload.
To fix CVE-2020-24360, upgrade to a version of Arista EOS that is not affected by the vulnerability.