CVE-2020-24360
First published: Mon Dec 28 2020(Updated: )
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista EOS | >=4.22.0f<=4.22.6m | |
| Arista EOS | >=4.23.0f<=4.23.4m | |
| Arista EOS | >=4.24.0f<=4.24.2.4f | |
| Arista 7280CR2AK-30 | ||
| Arista 7280CR2K-60 | ||
| Arista 7280CR3K-32D4 | ||
| Arista 7280CR3K-32P4 | ||
| Arista 7280CR3-96 | ||
| Arista 7280CR3K-32D4 | ||
| Arista 7280CR3K-32P4 | ||
| Arista 7280CR3K-96 | ||
| Arista 7280DR3K-24 | ||
| Arista 7280DR3K-24 | ||
| Arista 7280PR3K-24 | ||
| Arista 7280PR3K-24 | ||
| Arista 7280SR3-48YC8 | ||
| Arista 7280SR3K-48YC8 | ||
| Arista 7500 Series | ||
| Arista 7500R Series Switch | ||
| Arista 7500R series | ||
| Arista 7500R series | ||
| Arista 7504r3 | ||
| Arista 7508R3 | ||
| Arista 7512R3 | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista 7804r3 | ||
| Arista 7808R3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Arista EOS issue with ARP packets?
The vulnerability ID for this issue is CVE-2020-24360.
What products are affected by this vulnerability?
The 7800R3, 7500R3, and 7280R3 series of products are affected.
What is the severity rating of CVE-2020-24360?
CVE-2020-24360 has a severity rating of 7.4 (high).
How can this vulnerability be exploited?
This vulnerability can be exploited by sending malicious ARP packets, leading to a kernel crash and device reload.
How can I fix CVE-2020-24360?
To fix CVE-2020-24360, upgrade to a version of Arista EOS that is not affected by the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arista
- canonical/arista eos
- version/arista eos/4.22.0f
- version/arista eos/4.22.6m
- version/arista eos/4.23.0f
- version/arista eos/4.23.4m
- version/arista eos/4.24.0f
- version/arista eos/4.24.2.4f
- canonical/arista 7280cr2ak-30
- canonical/arista 7280cr2k-60
- canonical/arista 7280cr3k-32d4
- canonical/arista 7280cr3k-32p4
- canonical/arista 7280cr3-96
- canonical/arista 7280cr3k-96
- canonical/arista 7280dr3k-24
- canonical/arista 7280pr3k-24
- canonical/arista 7280sr3-48yc8
- canonical/arista 7280sr3k-48yc8
- canonical/arista 7500 series
- canonical/arista 7500r series switch
- canonical/arista 7500r series
- canonical/arista 7504r3
- canonical/arista 7508r3
- canonical/arista 7512r3
- canonical/arista 7800 series
- canonical/arista 7804r3
- canonical/arista 7808r3