Eos@4.22 Security Vulnerabilities and Issues — Eos@4.22 CVE List

Lucene search

AristaEos4.22

8 matches found

CVE•added 2021/01/20 4:15 p.m.•875 views

CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query...

4.3CVSS6AI score0.01208EPSS

CVE•added 2021/01/20 5:15 p.m.•781 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the sam...

4.3CVSS5.9AI score0.01208EPSS

CVE•added 2021/01/20 4:15 p.m.•725 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNS...

4.3CVSS6AI score0.01132EPSS

CVE•added 2020/03/06 3:15 p.m.•663 views

CVE-2020-10188

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

10CVSS9.9AI score0.06779EPSS

CVE•added 2022/02/04 11:15 p.m.•161 views

CVE-2021-28503

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.

9.8CVSS8.8AI score0.00445EPSS

CVE•added 2021/10/21 5:15 p.m.•41 views

CVE-2021-28496

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...

6.5CVSS6AI score0.00087EPSS

CVE•added 2020/10/21 10:15 p.m.•35 views

CVE-2020-17355

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.

7.5CVSS7.4AI score0.0056EPSS

CVE•added 2020/10/26 4:15 p.m.•30 views

CVE-2020-15897

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

7.5CVSS7.5AI score0.00691EPSS