Arbitrary file deletion

2020-12-2819:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

CPENameOperatorVersion
eoseq>= 4.21.0f AND <= 4.21.4.1f
eoseq>= 4.21.0f AND <= 4.21.11m
eoseq>= 4.22.0f AND <= 4.22.6m
eoseq>= 4.23.0f AND <= 4.23.4m
eoseq>= 4.24.0f AND <= 4.24.2.1f

Name	Operator	Version
eos	eq	>= 4.21.0f AND <= 4.21.4.1f
eos	eq	>= 4.21.0f AND <= 4.21.11m
eos	eq	>= 4.22.0f AND <= 4.22.6m
eos	eq	>= 4.23.0f AND <= 4.23.4m
eos	eq	>= 4.24.0f AND <= 4.24.2.1f