MidnightBSD

Advisories for arista

CVE-2014-6271 HIGH

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_security_information_and_event_manager 7.1.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
redhat virtualization 3.4
ibm qradar_security_information_and_event_manager 7.2.1
redhat enterprise_linux 4.0
suse linux_enterprise_software_development_kit 11
ibm qradar_security_information_and_event_manager 7.1.0
suse linux_enterprise_desktop 12
novell open_enterprise_server 11.0
ibm qradar_security_information_and_event_manager 7.2.7
f5 big-ip_link_controller *
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
f5 arx_firmware *
ibm qradar_vulnerability_manager 7.2.3
novell zenworks_configuration_management 10.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm stn7800_firmware *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.4
vmware esx 4.1
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server_from_rhui 6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_global_traffic_manager 11.6.0
vmware vcenter_server_appliance 5.5
f5 traffix_signaling_delivery_controller 3.5.1
f5 traffix_signaling_delivery_controller *
f5 big-ip_edge_gateway *
ibm qradar_security_information_and_event_manager 7.2.4
ibm qradar_security_information_and_event_manager 7.1.1
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm smartcloud_provisioning 2.1.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager *
mageia mageia 4.0
novell zenworks_configuration_management 11.1
f5 traffix_signaling_delivery_controller 3.4.1
ibm qradar_security_information_and_event_manager 7.2.8.15
f5 big-ip_global_traffic_manager *
canonical ubuntu_linux 12.04
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_server_aus 5.6
oracle linux 6
f5 enterprise_manager *
redhat enterprise_linux_server_from_rhui 5.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
f5 big-iq_device *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
redhat enterprise_linux_workstation 5.0
f5 big-ip_protocol_security_module *
redhat enterprise_linux_server_aus 6.5
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm stn6500_firmware *
f5 big-ip_wan_optimization_manager *
novell zenworks_configuration_management 11
checkpoint security_gateway *
ibm storwize_v5000_firmware *
qnap qts *
ibm smartcloud_entry_appliance 3.1.0
ibm qradar_security_information_and_event_manager 7.2.5
gnu bash *
ibm qradar_vulnerability_manager 7.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_eus 7.6
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
vmware esx 4.0
mageia mageia 3.0
redhat enterprise_linux_desktop 6.0
ibm pureapplication_system 2.0.0.0
ibm qradar_risk_manager 7.1.0
ibm workload_deployer *
f5 big-ip_analytics *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_eus 6.5
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm qradar_vulnerability_manager 7.2.4
f5 big-ip_link_controller 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
ibm infosphere_guardium_database_activity_monitoring 9.1
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_eus 7.3
suse linux_enterprise_server 10
ibm flex_system_v7000_firmware *
redhat enterprise_linux_desktop 7.0
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux_desktop 5.0
ibm qradar_security_information_and_event_manager 7.2
ibm qradar_vulnerability_manager 7.2.1
redhat enterprise_linux_server_from_rhui 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_aus 7.7
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.2.6
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_server_aus 5.9
suse studio_onsite 1.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
f5 traffix_signaling_delivery_controller 4.1.0
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 5.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm smartcloud_entry_appliance 2.3.0
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_server 7.0
ibm pureapplication_system *
novell open_enterprise_server 2.0
f5 big-ip_advanced_firewall_manager 11.6.0
citrix netscaler_sdx_firmware *
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 10.04
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
redhat enterprise_linux_server_aus 7.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm qradar_security_information_and_event_manager 7.2.9
ibm san_volume_controller_firmware *
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_server_aus 6.2
arista eos *
opensuse opensuse 13.2
f5 big-ip_access_policy_manager *
qnap qts 4.1.1
redhat enterprise_linux_server_aus 6.4
ibm qradar_security_information_and_event_manager 7.2.8
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
oracle linux 5
ibm stn6800_firmware *
ibm software_defined_network_for_virtual_environments *
canonical ubuntu_linux 14.04
oracle linux 4
f5 big-ip_policy_enforcement_manager 11.6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
redhat enterprise_linux_eus 7.5
redhat gluster_storage_server_for_on-premise 2.1
suse linux_enterprise_software_development_kit 12
debian debian_linux 7.0
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
redhat enterprise_linux_server 6.0
redhat enterprise_linux 6.0
ibm infosphere_guardium_database_activity_monitoring 8.2
f5 big-ip_analytics 11.6.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_scientific_computing 7.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
f5 traffix_signaling_delivery_controller 3.3.2
ibm smartcloud_entry_appliance 2.4.0
suse linux_enterprise_server 12
f5 big-iq_security *
f5 big-ip_local_traffic_manager 11.6.0
vmware vcenter_server_appliance 5.1
ibm qradar_vulnerability_manager 7.2.6
apple mac_os_x *
opensuse opensuse 12.3
ibm starter_kit_for_cloud 2.2.0
ibm storwize_v3500_firmware *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
f5 big-ip_application_acceleration_manager 11.6.0
suse linux_enterprise_desktop 11
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
f5 big-ip_webaccelerator *
ibm storwize_v3700_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_tus 7.7
ibm qradar_vulnerability_manager 7.2.8
ibm storwize_v7000_firmware *
redhat enterprise_linux 5.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 big-iq_cloud *
CVE-2014-7169 HIGH

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
ibm infosphere_guardium_database_activity_monitoring 9.0
ibm qradar_security_information_and_event_manager 7.1.2
ibm security_access_manager_for_web_7.0_firmware 7.0.0.8
redhat virtualization 3.4
ibm qradar_security_information_and_event_manager 7.2.1
redhat enterprise_linux 4.0
suse linux_enterprise_software_development_kit 11
ibm qradar_security_information_and_event_manager 7.1.0
suse linux_enterprise_desktop 12
novell open_enterprise_server 11.0
ibm qradar_security_information_and_event_manager 7.2.7
f5 big-ip_link_controller *
redhat enterprise_linux_for_ibm_z_systems 5.9_s390x
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.3
f5 arx_firmware *
ibm qradar_vulnerability_manager 7.2.3
novell zenworks_configuration_management 10.3
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.5
ibm stn7800_firmware *
opensuse opensuse 13.1
redhat enterprise_linux_eus 7.4
vmware esx 4.1
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server_from_rhui 6.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_global_traffic_manager 11.6.0
vmware vcenter_server_appliance 5.5
f5 traffix_signaling_delivery_controller 3.5.1
f5 traffix_signaling_delivery_controller *
f5 big-ip_edge_gateway *
ibm qradar_security_information_and_event_manager 7.2.4
ibm qradar_security_information_and_event_manager 7.1.1
ibm qradar_vulnerability_manager 7.2.2
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_ibm_z_systems 6.4_s390x
ibm smartcloud_provisioning 2.1.0
f5 big-ip_application_security_manager 11.6.0
f5 big-ip_application_security_manager *
mageia mageia 4.0
novell zenworks_configuration_management 11.1
f5 traffix_signaling_delivery_controller 3.4.1
ibm qradar_security_information_and_event_manager 7.2.8.15
f5 big-ip_global_traffic_manager *
canonical ubuntu_linux 12.04
vmware vcenter_server_appliance 5.0
redhat enterprise_linux_server_aus 5.6
oracle linux 6
f5 enterprise_manager *
redhat enterprise_linux_server_from_rhui 5.0
ibm security_access_manager_for_web_7.0_firmware 7.0.0.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.6
f5 big-iq_device *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_for_ibm_z_systems 7.3_s390x
redhat enterprise_linux_workstation 5.0
f5 big-ip_protocol_security_module *
redhat enterprise_linux_server_aus 6.5
f5 big-ip_application_acceleration_manager *
redhat enterprise_linux_for_ibm_z_systems 7.6_s390x
ibm stn6500_firmware *
f5 big-ip_wan_optimization_manager *
novell zenworks_configuration_management 11
checkpoint security_gateway *
ibm storwize_v5000_firmware *
qnap qts *
ibm smartcloud_entry_appliance 3.1.0
ibm qradar_security_information_and_event_manager 7.2.5
gnu bash *
ibm qradar_vulnerability_manager 7.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_eus 7.6
ibm qradar_security_information_and_event_manager 7.2.3
redhat enterprise_linux_for_scientific_computing 6.0
redhat enterprise_linux_for_power_big_endian 5.0_ppc
ibm security_access_manager_for_web_8.0_firmware 8.0.0.3
vmware esx 4.0
mageia mageia 3.0
redhat enterprise_linux_desktop 6.0
ibm pureapplication_system 2.0.0.0
ibm qradar_risk_manager 7.1.0
ibm workload_deployer *
f5 big-ip_analytics *
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.1
redhat enterprise_linux_eus 6.5
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_for_power_big_endian 5.9_ppc
ibm security_access_manager_for_web_7.0_firmware 7.0.0.2
ibm qradar_vulnerability_manager 7.2.4
f5 big-ip_link_controller 11.6.0
redhat enterprise_linux_for_ibm_z_systems 7.7_s390x
ibm infosphere_guardium_database_activity_monitoring 9.1
ibm smartcloud_entry_appliance 3.2.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_eus 7.3
suse linux_enterprise_server 10
ibm flex_system_v7000_firmware *
redhat enterprise_linux_desktop 7.0
f5 big-ip_access_policy_manager 11.6.0
redhat enterprise_linux_desktop 5.0
ibm qradar_security_information_and_event_manager 7.2
ibm qradar_vulnerability_manager 7.2.1
redhat enterprise_linux_server_from_rhui 7.0
novell zenworks_configuration_management 11.2
redhat enterprise_linux_server_aus 7.7
novell zenworks_configuration_management 11.3.0
ibm qradar_security_information_and_event_manager 7.2.6
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
ibm security_access_manager_for_web_8.0_firmware 8.0.0.5
redhat enterprise_linux_server_aus 5.9
suse studio_onsite 1.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.5
f5 traffix_signaling_delivery_controller 4.1.0
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 5.0
ibm qradar_security_information_and_event_manager 7.2.0
redhat enterprise_linux_eus 6.4
redhat enterprise_linux_for_power_big_endian_eus 6.5_ppc64
ibm smartcloud_entry_appliance 2.3.0
f5 big-ip_local_traffic_manager *
f5 big-ip_advanced_firewall_manager *
redhat enterprise_linux_server 7.0
ibm pureapplication_system *
novell open_enterprise_server 2.0
f5 big-ip_advanced_firewall_manager 11.6.0
citrix netscaler_sdx_firmware *
redhat enterprise_linux_eus 5.9
redhat enterprise_linux_server_tus 7.3
canonical ubuntu_linux 10.04
redhat enterprise_linux_for_power_big_endian 6.4_ppc64
redhat enterprise_linux_server_aus 7.3
ibm security_access_manager_for_web_7.0_firmware 7.0.0.4
ibm security_access_manager_for_web_7.0_firmware 7.0.0.1
ibm qradar_security_information_and_event_manager 7.2.9
ibm san_volume_controller_firmware *
ibm qradar_security_information_and_event_manager 7.2.2
redhat enterprise_linux_server_aus 6.2
arista eos *
opensuse opensuse 13.2
f5 big-ip_access_policy_manager *
qnap qts 4.1.1
redhat enterprise_linux_server_aus 6.4
ibm qradar_security_information_and_event_manager 7.2.8
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
oracle linux 5
ibm stn6800_firmware *
ibm software_defined_network_for_virtual_environments *
canonical ubuntu_linux 14.04
oracle linux 4
f5 big-ip_policy_enforcement_manager 11.6.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_ibm_z_systems 7.5_s390x
redhat enterprise_linux_eus 7.5
redhat gluster_storage_server_for_on-premise 2.1
suse linux_enterprise_software_development_kit 12
debian debian_linux 7.0
redhat enterprise_linux_for_ibm_z_systems 7.4_s390x
redhat enterprise_linux_server 6.0
redhat enterprise_linux 6.0
ibm infosphere_guardium_database_activity_monitoring 8.2
f5 big-ip_analytics 11.6.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_scientific_computing 7.0
ibm security_access_manager_for_web_8.0_firmware 8.0.0.2
f5 traffix_signaling_delivery_controller 3.3.2
ibm smartcloud_entry_appliance 2.4.0
suse linux_enterprise_server 12
f5 big-iq_security *
f5 big-ip_local_traffic_manager 11.6.0
vmware vcenter_server_appliance 5.1
ibm qradar_vulnerability_manager 7.2.6
apple mac_os_x *
opensuse opensuse 12.3
ibm starter_kit_for_cloud 2.2.0
ibm storwize_v3500_firmware *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux 7.0
f5 big-ip_application_acceleration_manager 11.6.0
suse linux_enterprise_desktop 11
ibm security_access_manager_for_mobile_8.0_firmware 8.0.0.2
f5 big-ip_webaccelerator *
ibm storwize_v3700_firmware *
ibm security_access_manager_for_web_7.0_firmware 7.0.0.7
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_tus 7.7
ibm qradar_vulnerability_manager 7.2.8
ibm storwize_v7000_firmware *
redhat enterprise_linux 5.0
redhat enterprise_linux_for_ibm_z_systems 6.5_s390x
f5 big-iq_cloud *
CVE-2015-3209 HIGH

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.04
fedoraproject fedora 21
redhat openstack 5.0
fedoraproject fedora 20
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_server_tus 6.6
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 12
redhat enterprise_linux_eus 6.6
juniper junos_space *
arista eos 4.14
canonical ubuntu_linux 14.04
suse linux_enterprise_server 10
fedoraproject fedora 22
redhat enterprise_linux_workstation 6.0
arista eos 4.15
redhat enterprise_linux_workstation 5.0
suse linux_enterprise_software_development_kit 12
debian debian_linux 7.0
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.10
debian debian_linux 8.0
redhat virtualization 3.0
suse linux_enterprise_server 12
arista eos 4.12
suse linux_enterprise_server 11
redhat enterprise_linux_server 5.0
qemu qemu *
suse linux_enterprise_desktop 11
redhat enterprise_linux_server_aus 6.6
arista eos 4.13
redhat enterprise_linux_desktop 6.0
CVE-2015-3214 MEDIUM

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_compute_node_eus 7.2
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server_from_rhui 7.0
redhat virtualization 3.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_server_eus 7.1
arista eos 4.12
redhat enterprise_linux_workstation 7.0
linux linux_kernel *
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_compute_node_eus 7.5
redhat enterprise_linux_server_eus 7.6
lenovo emc_px12-400r_ivx *
redhat enterprise_linux_server_eus 7.2
redhat openstack 5.0
redhat enterprise_linux_compute_node_eus 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_compute_node_eus 7.6
redhat enterprise_linux_compute_node_eus 7.7
arista eos 4.14
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_power_big_endian 7.0
arista eos 4.15
redhat enterprise_linux_for_power_big_endian_eus 7.1_ppc64
debian debian_linux 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_scientific_computing 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_compute_node_eus 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_server_update_services_for_sap_solutions 7.2
redhat enterprise_linux_server_aus 7.4
qemu qemu *
lenovo emc_px12-450r_ivx *
arista eos 4.13
redhat openstack 6.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_compute_node_eus 7.1
CVE-2015-5165 HIGH

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-908,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_power_big_endian_eus 6.7_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian 6.0
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_compute_node_eus 7.2
suse linux_enterprise_server 10
fedoraproject fedora 22
xen xen *
redhat enterprise_linux_server_eus 7.5
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_from_rhui 6.0
redhat virtualization 3.0
oracle linux 7
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_server_eus 7.1
arista eos 4.12
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_tus 7.3
xen xen 4.5.1
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_compute_node_eus 7.5
redhat enterprise_linux_server_eus 7.6
fedoraproject fedora 21
redhat enterprise_linux_server_eus 7.2
redhat openstack 5.0
redhat enterprise_linux_compute_node_eus 7.3
redhat enterprise_linux_eus_compute_node 6.7
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_compute_node_eus 7.6
redhat enterprise_linux_compute_node_eus 7.7
arista eos 4.14
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_workstation 6.0
arista eos 4.15
redhat enterprise_linux_for_power_big_endian_eus 7.1_ppc64
redhat enterprise_linux_server_eus_from_rhui 6.7
debian debian_linux 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_scientific_computing 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_compute_node_eus 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_server_update_services_for_sap_solutions 7.2
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_for_scientific_computing 6.0
arista eos 4.13
redhat openstack 6.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_compute_node_eus 7.1
CVE-2015-5239 MEDIUM

Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
canonical ubuntu_linux 15.04
fedoraproject fedora 21
arista eos 4.12
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 12
qemu qemu *
suse linux_enterprise_desktop 11
arista eos 4.14
canonical ubuntu_linux 14.04
arista eos 4.13
fedoraproject fedora 22
arista eos 4.15
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_debuginfo 11
fedoraproject fedora 23
CVE-2015-5278 MEDIUM

The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
arista eos 4.14
canonical ubuntu_linux 14.04
arista eos 4.13
fedoraproject fedora 22
canonical ubuntu_linux 15.04
fedoraproject fedora 21
arista eos 4.12
arista eos 4.15
canonical ubuntu_linux 12.04
fedoraproject fedora 23
qemu qemu *
CVE-2015-5745 MEDIUM

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
arista eos 4.14
arista eos 4.13
fedoraproject fedora 22
fedoraproject fedora 21
arista eos 4.12
arista eos 4.15
fedoraproject fedora 23
qemu qemu *
CVE-2015-6815 LOW

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-835,

Products Affected

Vendor Product Version
novell suse_linux_enterprise_software_development_kit 12.0
canonical ubuntu_linux 15.04
fedoraproject fedora 21
redhat openstack 5.0
canonical ubuntu_linux 12.04
novell suse_linux_enterprise_debuginfo 11.0
arista eos 4.14
canonical ubuntu_linux 14.04
fedoraproject fedora 22
novell suse_linux_enterprise_server 11.0
arista eos 4.15
xen xen 4.4.3
redhat enterprise_linux 6.0
fedoraproject fedora 23
novell suse_linux_enterprise_server 12.0
arista eos 4.12
novell suse_linux_enterprise_software_development_kit 11.0
redhat enterprise_linux 7.0
qemu qemu *
arista eos 4.13
redhat openstack 7.0
redhat openstack 6.0
novell suse_linux_enterprise_desktop 12.0
xen xen 4.5.1
redhat enterprise_linux 5.0
novell suse_linux_enterprise_desktop 11.0
CVE-2015-6855 MEDIUM

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
debian debian_linux 8.0
suse linux_enterprise_server 12
canonical ubuntu_linux 15.04
fedoraproject fedora 21
arista eos -
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 12
qemu qemu *
canonical ubuntu_linux 14.04
fedoraproject fedora 22
debian debian_linux 9.0
debian debian_linux 7.0
fedoraproject fedora 23
CVE-2015-8236 HIGH

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
arista eos 4.14.5fx
arista eos 4.12.6.1
arista eos 4.15.2f
arista eos 4.12.8.1
arista eos 4.14.1f
arista eos 4.14.3f
arista eos 4.15.0fx
arista eos 4.13.10m
arista eos 4.13.1.1f
arista eos 4.13.13m
arista eos 4.15.0fx1
arista eos 4.12.7.1
arista eos 4.13.8m
arista eos 4.15.1fx-7060qx
arista eos 4.13.9.1m
arista eos 4.14.4f
arista eos 4.14.9
arista eos 4.15.1fxb
arista eos 4.13.9m
arista eos 4.13.2.1f
arista eos 4.14.8.1f
arista eos 4.15.0fxa
arista eos 4.14.0f
arista eos 4.12.8
arista eos 4.13.7.3m
arista eos 4.14.4.1f
arista eos *
arista eos 4.14.4.2f
arista eos 4.13.5.1f
arista eos 4.13.12m
arista eos 4.14.7.1f
arista eos 4.13.11m
arista eos 4.13.6
arista eos 4.12.5.2
arista eos 4.14.3.1f
arista eos 4.14.5fx.3
arista eos 4.15.1fx-7060x
arista eos 4.15.1f
arista eos 4.14.5fx.1
arista eos 4.13.7.2m
arista eos 4.12.9
arista eos 4.12.10
arista eos 4.14.5f
arista eos 4.13.3.1f
arista eos 4.14.2f
arista eos 4.15.0f
arista eos 4.13.7m
arista eos 4.13.4.1f
arista eos 4.14.5.1f-ssu
arista eos 4.13.5
arista eos 4.14.8f
arista eos 4.14.5fx.4
arista eos 4.14.6f
arista eos 4.14.7f
arista eos 4.14.5fx.2
CVE-2016-6894 HIGH

Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
arista dcs-7050s_eos_software *
arista dcs-7050t_eos_software *
arista dcs-7050q_eos_software *
CVE-2016-9012 MEDIUM

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2017-14491 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.04
synology diskstation_manager 6.1
arista eos *
canonical ubuntu_linux 12.04
synology diskstation_manager 5.2
synology diskstation_manager 6.0
siemens scalance_m-800_firmware *
canonical ubuntu_linux 14.04
synology router_manager 1.1
siemens scalance_s615_firmware *
suse linux_enterprise_point_of_sale 11
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
arubanetworks arubaos *
opensuse leap 42.2
debian debian_linux 7.0
suse linux_enterprise_debuginfo 11
thekelleys dnsmasq *
huawei honor_v9_play_firmware *
redhat enterprise_linux_server 6.0
debian debian_linux 7.1
debian debian_linux 8.0
opensuse leap 42.3
suse linux_enterprise_server 12
canonical ubuntu_linux 16.04
siemens ruggedcom_rm1224_firmware *
nvidia geforce_experience *
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
nvidia linux_for_tegra *
siemens scalance_w1750d_firmware *
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 6.0
debian debian_linux 9.0
CVE-2017-18017 HIGH

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
redhat enterprise_linux_for_real_time_for_nfv 7
arista eos *
redhat mrg_realtime 2.0
suse linux_enterprise_high_availability_extension 11
suse linux_enterprise_software_development_kit 11
redhat enterprise_linux_eus 7.7
canonical ubuntu_linux 12.04
suse linux_enterprise_desktop 12
suse linux_enterprise_live_patching 12
canonical ubuntu_linux 14.04
suse linux_enterprise_real_time_extension 11
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_module_for_public_cloud 12
suse linux_enterprise_point_of_sale 11
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_eus 7.4
openstack cloud_magnum_orchestration 7
suse linux_enterprise_software_development_kit 12
debian debian_linux 7.0
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.6
debian debian_linux 8.0
opensuse leap 42.3
redhat enterprise_linux_server_aus 7.7
suse linux_enterprise_server 12
f5 arx *
suse linux_enterprise_server 11
redhat enterprise_linux_workstation 7.0
suse linux_enterprise_real_time_extension 12
linux linux_kernel *
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 7.4
arista eos 4.20.1fx-virtual-router
redhat enterprise_linux_server 7.0
suse openstack_cloud 6
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_desktop 6.0
suse linux_enterprise_workstation_extension 12
redhat enterprise_linux_for_real_time 7
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_high_availability 12
suse caas_platform *
CVE-2018-12357 MEDIUM

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2018-14008 LOW

Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
arista eos *
CVE-2018-5254 MEDIUM

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-417,

Products Affected

Vendor Product Version
arista eos *
CVE-2018-5255 MEDIUM

The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos *
CVE-2019-14810 MEDIUM

A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. Affected EOS versions include: 4.22 release train: 4.22.1F and earlier releases 4.21 release train: 4.21.0F - 4.21.2.3F, 4.21.3F - 4.21.7.1M 4.20 release train: 4.20.14M and earlier releases 4.19 release train: 4.19.12M and earlier releases End of support release trains (4.18 and 4.17)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
arista extensible_operating_system 4.18
arista extensible_operating_system 4.22.1f
arista extensible_operating_system 4.17
arista extensible_operating_system *
CVE-2019-17596 MEDIUM

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-436,

Products Affected

Vendor Product Version
arista cloudvision_portal 2019.1.1
redhat developer_tools 1.0
arista eos *
redhat enterprise_linux 8.0
redhat enterprise_linux_server 8.1
arista cloudvision_portal 2019.1.2
golang go *
opensuse leap 15.0
arista terminattr *
fedoraproject fedora 30
debian debian_linux 10.0
arista cloudvision_portal 2019.1.0
debian debian_linux 9.0
fedoraproject fedora 31
opensuse leap 15.1
arista cloudvision_portal *
arista mos *
CVE-2019-18181 MEDIUM

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2019-18615 LOW

In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,CWE-522,

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2019-18948 MEDIUM

An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos 4.19
arista eos *
arista eos 4.17
arista eos 4.16
arista eos 4.18
arista eos 4.15
arista eos 4.20
CVE-2020-10188 HIGH

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
juniper junos 15.1x49
arista eos *
juniper junos 17.2x75
juniper junos 18.2
juniper junos 18.4
oracle communications_performance_intelligence_center 10.4.0.2
juniper junos 17.2
juniper junos 12.3
juniper junos 20.1
fedoraproject fedora 30
juniper junos 12.3x50
netkit_telnet_project netkit_telnet *
juniper junos 18.2x75-d10
fedoraproject fedora 31
juniper junos 15.1x49-d60
juniper junos 17.4
juniper junos 12.3r12
juniper junos 12.3x48
arista eos 4.24.0f
juniper junos 15.1x49-d30
juniper junos 15.1x49-d150
debian debian_linux 8.0
juniper junos 16.1
juniper junos 18.2x75
juniper junos 15.1
juniper junos 17.3
juniper junos 18.3
fedoraproject fedora 32
juniper junos 15.1x49-d140
juniper junos 18.2x75-d30
juniper junos 19.2
juniper junos 15.1x49-d160
debian debian_linux 9.0
juniper junos 18.1
juniper junos 19.1
juniper junos 19.3
juniper junos 19.4
CVE-2020-11622 MEDIUM

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista veos 4.22.2.2.1
arista cloudeos 4.21.4-fcrfx
arista cloudeos 4.21.3fx-7368
arista veos 4.23.2.1
arista cloudeos 4.22.3.1
arista cloudeos 4.21.7.1
arista cloudeos 4.22.2.2.1
arista veos 4.22.2.0.1
arista veos *
arista cloudeos 4.23.2.1
arista veos 4.21.4.1
arista cloudeos *
arista cloudeos 4.21.4.1
arista veos 4.21.4-fcrfx
arista veos 4.21.3fx-7368
arista cloudeos 4.22.2.0.1
arista veos 4.21.7.1
arista veos 4.22.3.1
CVE-2020-13100 MEDIUM

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista cloudvision_exchange *
CVE-2020-13881 MEDIUM

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
debian debian_linux 8.0
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 20.04
arista cloudvision_portal *
pam_tacplus_project pam_tacplus *
CVE-2020-15897 MEDIUM

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos *
CVE-2020-15898 MEDIUM

In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos *
CVE-2020-17355 MEDIUM

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos *
CVE-2020-24333 MEDIUM

A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2020-24360 MEDIUM

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
arista eos *
CVE-2020-24586 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
intel ac_9560_firmware *
intel ac_7265_firmware *
intel ax1675_firmware -
linux mac80211 -
intel ax210_firmware *
intel ac_9462_firmware *
intel ac_8260_firmware *
intel ac_1550_firmware -
intel ax1650_firmware -
intel ax200_firmware *
intel ac_9260_firmware *
intel ac_9461_firmware *
ieee ieee_802.11 *
arista c-230_firmware *
linux linux_kernel *
arista c-200_firmware *
intel ac_3165_firmware *
intel ac_3168_firmware *
arista c-235_firmware *
arista c-260_firmware *
intel ax201_firmware *
arista c-250_firmware *
debian debian_linux 9.0
intel ac_8265_firmware *
CVE-2020-24587 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.6 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco meraki_gr10_firmware -
cisco meraki_mr30h_firmware -
cisco meraki_mr72_firmware -
cisco meraki_mr76_firmware -
intel wi-fi_6_ax200_firmware -
cisco aironet_iw3702_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_ap803_firmware -
cisco aironet_3800p_firmware -
arista c-250_firmware -
arista w-118_firmware -
cisco meraki_mr44_firmware -
cisco aironet_2800i_firmware -
cisco aironet_1832_firmware -
cisco ip_phone_6861_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco catalyst_iw6300_ac_firmware -
cisco meraki_mr74_firmware -
cisco catalyst_9130axe_firmware -
intel ac_8265_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr12_firmware -
cisco meraki_mr32_firmware -
cisco meraki_mr36_firmware -
cisco meraki_mr53e_firmware -
cisco 1100-4p_firmware -
ieee ieee_802.11 *
cisco meraki_mr55_firmware -
cisco aironet_1815i_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco 1100_firmware -
linux linux_kernel *
cisco ir829gw-lte-ga-ek9_firmware -
cisco webex_room_kit_firmware -
intel proset_ac_3165_firmware -
cisco meraki_mx64w_firmware -
cisco meraki_mr86_firmware -
cisco webex_board_55_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco webex_board_55s_firmware -
debian debian_linux 9.0
cisco catalyst_9115_firmware -
intel proset_ac_3168_firmware -
cisco aironet_1842_firmware -
cisco catalyst_9117axi_firmware -
cisco ip_phone_8865_firmware -
intel ac_9560_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco catalyst_9120axe_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr42_firmware -
cisco meraki_gr60_firmware -
cisco aironet_1800i_firmware -
arista c-75_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco meraki_mr42e_firmware -
cisco aironet_3800e_firmware -
cisco meraki_mx68w_firmware -
cisco meraki_mr46e_firmware -
cisco meraki_mx67cw_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9130axi_firmware -
intel proset_ac_9461_firmware -
cisco webex_dx70_firmware -
cisco aironet_1542i_firmware -
cisco webex_room_55_firmware -
cisco catalyst_9115_ap_firmware -
cisco aironet_1810_firmware -
arista c-260_firmware -
arista c-65_firmware -
cisco meraki_mr66_firmware -
cisco webex_board_70s_firmware -
cisco ip_phone_8832_firmware -
cisco aironet_1572_firmware -
cisco catalyst_9105axw_firmware -
intel proset_ac_8265_firmware -
cisco webex_room_kit_mini_firmware -
cisco 1109-2p_firmware -
cisco aironet_2800e_firmware -
cisco aironet_1800_firmware -
arista o-105_firmware -
arista c-235_firmware -
cisco aironet_3800_firmware -
cisco aironet_4800_firmware -
cisco aironet_3702_firmware -
cisco meraki_mx67w_firmware -
cisco catalyst_9120_firmware -
arista o-90_firmware -
intel ac_9260_firmware -
cisco aironet_2702_firmware -
arista c-120_firmware -
cisco catalyst_9105axi_firmware -
cisco esw6300_firmware -
cisco aironet_1702_firmware -
cisco catalyst_9124_firmware -
cisco aironet_2800_firmware -
cisco meraki_mr53_firmware -
cisco ip_phone_8821_firmware -
arista c-130_firmware -
cisco webex_board_85s_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9130_firmware -
cisco webex_room_55_dual_firmware -
cisco aironet_3800i_firmware -
cisco catalyst_9124axd_firmware -
cisco catalyst_9117_firmware -
cisco aironet_1810w_firmware -
cisco webex_board_70_firmware -
cisco webex_dx80_firmware -
cisco aironet_1852_firmware -
cisco meraki_z3_firmware -
cisco 1100-8p_firmware -
cisco meraki_mr26_firmware -
cisco meraki_mr70_firmware -
cisco aironet_1552h_firmware -
cisco catalyst_9124axi_firmware -
arista w-68_firmware -
cisco aironet_1552_firmware -
cisco aironet_1815_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1542d_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel proset_ac_9462_firmware -
linux mac80211 -
arista c-200_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
cisco aironet_1532_firmware -
cisco meraki_mr62_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mx65w_firmware -
cisco ip_phone_8861_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mx68cw_firmware -
arista c-100_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco catalyst_9120_ap_firmware -
cisco catalyst_9130_ap_firmware -
intel killer_ac_1550_firmware -
intel proset_ac_9560_firmware -
arista c-110_firmware -
cisco meraki_mr46_firmware -
intel proset_ac_9260_firmware -
cisco 1101-4p_firmware -
cisco catalyst_9105_firmware -
intel wi-fi_6_ax201_firmware -
cisco 1109-4p_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr20_firmware -
cisco meraki_mr45_firmware -
intel proset_wi-fi_6_ax200_firmware -
intel ac_8260_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco meraki_mr33_firmware -
cisco webex_room_70_firmware -
intel proset_ac_8260_firmware -
cisco catalyst_iw6300_dc_firmware -
cisco meraki_z3c_firmware -
cisco webex_room_70_dual_firmware -
cisco catalyst_9115axe_firmware -
cisco meraki_mr52_firmware -
cisco meraki_mr84_firmware -
arista c-230_firmware -
cisco catalyst_9120axp_firmware -
cisco catalyst_iw6300_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco webex_room_70_single_firmware -
CVE-2020-24588 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco meraki_gr10_firmware -
cisco meraki_mr30h_firmware -
microsoft windows_rt_8.1 -
cisco meraki_mr72_firmware -
cisco meraki_mr76_firmware -
intel wi-fi_6_ax200_firmware -
cisco aironet_iw3702_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_ap803_firmware -
microsoft windows_10 2004
arista c-250_firmware -
arista w-118_firmware -
cisco meraki_mr44_firmware -
siemens scalance_w774-1_firmware -
cisco aironet_1832_firmware -
cisco ip_phone_6861_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco meraki_mr74_firmware -
cisco catalyst_9130axe_firmware -
siemens scalance_w1788-2_firmware -
intel ac_8265_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
siemens scalance_w1788-2ia_firmware -
cisco meraki_mr12_firmware -
cisco meraki_mr32_firmware -
cisco meraki_mr36_firmware -
cisco meraki_mr53e_firmware -
cisco 1100-4p_firmware -
microsoft windows_server_2019 -
ieee ieee_802.11 *
cisco meraki_mr55_firmware -
siemens scalance_w1748-1_firmware -
microsoft windows_10 1809
cisco aironet_1815i_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco 1100_firmware -
linux linux_kernel *
cisco ir829gw-lte-ga-ek9_firmware -
cisco webex_room_kit_firmware -
intel proset_ac_3165_firmware -
cisco meraki_mx64w_firmware -
cisco meraki_mr86_firmware -
microsoft windows_7 -
cisco webex_board_55_firmware -
microsoft windows_server_2016 2004
cisco webex_board_55s_firmware -
debian debian_linux 9.0
cisco catalyst_9115_firmware -
intel proset_ac_3168_firmware -
cisco aironet_1842_firmware -
microsoft windows_8.1 -
cisco catalyst_9117axi_firmware -
cisco ip_phone_8865_firmware -
siemens scalance_w786-2_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_w748-1_firmware -
intel ac_9560_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco catalyst_9120axe_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr42_firmware -
cisco meraki_gr60_firmware -
siemens scalance_w788-2_firmware -
cisco aironet_1800i_firmware -
microsoft windows_server_2008 r2
arista c-75_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco meraki_mr42e_firmware -
cisco meraki_mx68w_firmware -
cisco meraki_mr46e_firmware -
cisco meraki_mx67cw_firmware -
siemens scalance_w738-1_firmware -
siemens scalance_wum766-1_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9130axi_firmware -
intel proset_ac_9461_firmware -
cisco webex_dx70_firmware -
cisco aironet_1542i_firmware -
cisco webex_room_55_firmware -
cisco catalyst_9115_ap_firmware -
microsoft windows_server_2012 -
cisco aironet_1810_firmware -
arista c-260_firmware -
arista c-65_firmware -
cisco meraki_mr66_firmware -
cisco webex_board_70s_firmware -
siemens scalance_w722-1_firmware -
microsoft windows_10 20h2
cisco ip_phone_8832_firmware -
cisco catalyst_9105axw_firmware -
intel proset_ac_8265_firmware -
cisco webex_room_kit_mini_firmware -
cisco 1109-2p_firmware -
cisco aironet_1800_firmware -
arista o-105_firmware -
arista c-235_firmware -
siemens scalance_wam766-1_6ghz_firmware -
cisco meraki_mx67w_firmware -
siemens scalance_w786-1_firmware -
cisco catalyst_9120_firmware -
arista o-90_firmware -
intel ac_9260_firmware -
siemens scalance_w761-1_firmware -
microsoft windows_10 1607
arista c-120_firmware -
microsoft windows_server_2016 -
cisco catalyst_9105axi_firmware -
siemens scalance_wum766-1_6ghz_firmware -
cisco catalyst_9124_firmware -
cisco meraki_mr53_firmware -
cisco ip_phone_8821_firmware -
arista c-130_firmware -
cisco webex_board_85s_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9130_firmware -
microsoft windows_10 1909
cisco webex_room_55_dual_firmware -
microsoft windows_10 -
cisco catalyst_9124axd_firmware -
cisco catalyst_9117_firmware -
cisco aironet_1810w_firmware -
cisco webex_board_70_firmware -
cisco webex_dx80_firmware -
cisco aironet_1852_firmware -
cisco meraki_z3_firmware -
cisco 1100-8p_firmware -
cisco meraki_mr26_firmware -
siemens scalance_w778-1_firmware -
cisco meraki_mr70_firmware -
siemens scalance_w1788-1_firmware -
siemens scalance_w721-1_firmware -
cisco catalyst_9124axi_firmware -
arista w-68_firmware -
cisco aironet_1815_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1542d_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel proset_ac_9462_firmware -
linux mac80211 -
arista c-200_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
cisco aironet_1532_firmware -
cisco meraki_mr62_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mx65w_firmware -
microsoft windows_server_2008 -
cisco ip_phone_8861_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mx68cw_firmware -
arista c-100_firmware -
siemens scalance_w1750d_firmware -
siemens scalance_wam766-1_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco webex_room_70_dual_g2_firmware -
microsoft windows_10 1803
siemens scalance_w786-2ia_firmware -
cisco catalyst_9120_ap_firmware -
cisco catalyst_9130_ap_firmware -
intel killer_ac_1550_firmware -
siemens scalance_wum763-1_firmware -
intel proset_ac_9560_firmware -
arista c-110_firmware -
cisco meraki_mr46_firmware -
intel proset_ac_9260_firmware -
siemens scalance_w734-1_firmware -
cisco 1101-4p_firmware -
cisco catalyst_9105_firmware -
intel wi-fi_6_ax201_firmware -
cisco 1109-4p_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr20_firmware -
siemens scalance_w788-1_firmware -
cisco meraki_mr45_firmware -
intel proset_wi-fi_6_ax200_firmware -
intel ac_8260_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco meraki_mr33_firmware -
cisco webex_room_70_firmware -
intel proset_ac_8260_firmware -
cisco meraki_z3c_firmware -
cisco webex_room_70_dual_firmware -
cisco catalyst_9115axe_firmware -
cisco meraki_mr52_firmware -
cisco meraki_mr84_firmware -
arista c-230_firmware -
cisco catalyst_9120axp_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco webex_room_70_single_firmware -
CVE-2020-25684 MEDIUM

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
debian debian_linux 9.0
thekelleys dnsmasq *
CVE-2020-25685 MEDIUM

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,CWE-326,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
thekelleys dnsmasq *
CVE-2020-25686 MEDIUM

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358,CWE-290,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
thekelleys dnsmasq *
CVE-2020-26139 LOW

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
cisco meraki_gr10_firmware -
cisco meraki_mr30h_firmware -
cisco meraki_mr72_firmware -
cisco meraki_mr76_firmware -
intel wi-fi_6_ax200_firmware -
cisco aironet_iw3702_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_ap803_firmware -
cisco aironet_3800p_firmware -
arista c-250_firmware -
arista w-118_firmware -
cisco meraki_mr44_firmware -
cisco aironet_2800i_firmware -
cisco aironet_1832_firmware -
cisco ip_phone_6861_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco catalyst_iw6300_ac_firmware -
cisco meraki_mr74_firmware -
cisco catalyst_9130axe_firmware -
intel ac_8265_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr12_firmware -
cisco meraki_mr32_firmware -
cisco meraki_mr36_firmware -
cisco meraki_mr53e_firmware -
cisco 1100-4p_firmware -
cisco meraki_mr55_firmware -
cisco aironet_1815i_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco 1100_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
cisco webex_room_kit_firmware -
intel proset_ac_3165_firmware -
cisco meraki_mx64w_firmware -
cisco meraki_mr86_firmware -
cisco webex_board_55_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco webex_board_55s_firmware -
debian debian_linux 9.0
cisco catalyst_9115_firmware -
intel proset_ac_3168_firmware -
cisco aironet_1842_firmware -
cisco catalyst_9117axi_firmware -
cisco ip_phone_8865_firmware -
intel ac_9560_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco catalyst_9120axe_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr42_firmware -
cisco meraki_gr60_firmware -
cisco aironet_1800i_firmware -
arista c-75_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco meraki_mr42e_firmware -
cisco aironet_3800e_firmware -
cisco meraki_mx68w_firmware -
cisco meraki_mr46e_firmware -
cisco meraki_mx67cw_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9130axi_firmware -
intel proset_ac_9461_firmware -
cisco webex_dx70_firmware -
cisco aironet_1542i_firmware -
cisco webex_room_55_firmware -
cisco catalyst_9115_ap_firmware -
cisco aironet_1810_firmware -
arista c-260_firmware -
arista c-65_firmware -
cisco meraki_mr66_firmware -
cisco webex_board_70s_firmware -
cisco ip_phone_8832_firmware -
cisco aironet_1572_firmware -
cisco catalyst_9105axw_firmware -
intel proset_ac_8265_firmware -
cisco webex_room_kit_mini_firmware -
cisco 1109-2p_firmware -
cisco aironet_2800e_firmware -
cisco aironet_1800_firmware -
arista o-105_firmware -
arista c-235_firmware -
cisco aironet_3800_firmware -
cisco aironet_4800_firmware -
cisco aironet_3702_firmware -
cisco meraki_mx67w_firmware -
cisco catalyst_9120_firmware -
netbsd netbsd 7.1
arista o-90_firmware -
intel ac_9260_firmware -
cisco aironet_2702_firmware -
arista c-120_firmware -
cisco catalyst_9105axi_firmware -
cisco esw6300_firmware -
cisco aironet_1702_firmware -
cisco catalyst_9124_firmware -
cisco aironet_2800_firmware -
cisco meraki_mr53_firmware -
cisco ip_phone_8821_firmware -
arista c-130_firmware -
cisco webex_board_85s_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco meraki_mr56_firmware -
cisco catalyst_9130_firmware -
cisco webex_room_55_dual_firmware -
cisco aironet_3800i_firmware -
cisco catalyst_9124axd_firmware -
cisco catalyst_9117_firmware -
cisco aironet_1810w_firmware -
cisco webex_board_70_firmware -
cisco webex_dx80_firmware -
cisco aironet_1852_firmware -
cisco meraki_z3_firmware -
cisco 1100-8p_firmware -
cisco meraki_mr26_firmware -
cisco meraki_mr70_firmware -
cisco aironet_1552h_firmware -
cisco catalyst_9124axi_firmware -
arista w-68_firmware -
cisco aironet_1552_firmware -
cisco aironet_1815_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1542d_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel proset_ac_9462_firmware -
arista c-200_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
cisco aironet_1532_firmware -
cisco meraki_mr62_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mx65w_firmware -
cisco ip_phone_8861_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mx68cw_firmware -
arista c-100_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco catalyst_9120_ap_firmware -
cisco catalyst_9130_ap_firmware -
intel killer_ac_1550_firmware -
intel proset_ac_9560_firmware -
arista c-110_firmware -
cisco meraki_mr46_firmware -
intel proset_ac_9260_firmware -
cisco 1101-4p_firmware -
cisco catalyst_9105_firmware -
intel wi-fi_6_ax201_firmware -
cisco 1109-4p_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr20_firmware -
cisco meraki_mr45_firmware -
intel proset_wi-fi_6_ax200_firmware -
intel ac_8260_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco meraki_mr33_firmware -
cisco webex_room_70_firmware -
intel proset_ac_8260_firmware -
cisco catalyst_iw6300_dc_firmware -
cisco meraki_z3c_firmware -
cisco webex_room_70_dual_firmware -
cisco catalyst_9115axe_firmware -
cisco meraki_mr52_firmware -
cisco meraki_mr84_firmware -
arista c-230_firmware -
cisco catalyst_9120axp_firmware -
cisco catalyst_iw6300_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco webex_room_70_single_firmware -
CVE-2020-26140 LOW

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco meraki_gr10_firmware -
cisco meraki_mr30h_firmware -
cisco meraki_mr72_firmware -
cisco meraki_mr76_firmware -
alfa awus036h_firmware 6.1316.1209
intel wi-fi_6_ax200_firmware -
cisco aironet_iw3702_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_ap803_firmware -
cisco aironet_3800p_firmware -
arista w-118_firmware -
siemens scalance_w774-1_firmware -
cisco ip_phone_6861_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco meraki_mr74_firmware -
cisco catalyst_9130axe_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr32_firmware -
cisco meraki_mr55_firmware -
cisco 1100_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
intel proset_ac_3165_firmware -
cisco meraki_mx64w_firmware -
intel proset_ac_3168_firmware -
cisco aironet_1842_firmware -
intel ac_9560_firmware -
cisco meraki_gr60_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco meraki_mr42e_firmware -
cisco aironet_3800e_firmware -
cisco meraki_mx68w_firmware -
cisco meraki_mx67cw_firmware -
siemens scalance_w738-1_firmware -
siemens scalance_wum766-1_firmware -
intel proset_ac_9461_firmware -
cisco webex_dx70_firmware -
cisco aironet_1542i_firmware -
arista c-260_firmware -
arista c-65_firmware -
cisco meraki_mr66_firmware -
cisco webex_board_70s_firmware -
siemens scalance_w722-1_firmware -
cisco aironet_1572_firmware -
cisco catalyst_9105axw_firmware -
cisco webex_room_kit_mini_firmware -
cisco 1109-2p_firmware -
arista o-105_firmware -
cisco aironet_3800_firmware -
siemens scalance_wam766-1_6ghz_firmware -
cisco aironet_3702_firmware -
siemens scalance_w786-1_firmware -
cisco catalyst_9120_firmware -
arista c-120_firmware -
cisco catalyst_9105axi_firmware -
cisco aironet_1702_firmware -
cisco catalyst_9124_firmware -
cisco aironet_2800_firmware -
cisco ip_phone_8821_firmware -
arista c-130_firmware -
cisco webex_board_85s_firmware -
cisco ir829gw-lte-vz-ak9_firmware -
cisco meraki_mr56_firmware -
cisco webex_room_55_dual_firmware -
cisco aironet_3800i_firmware -
cisco catalyst_9124axd_firmware -
cisco catalyst_9117_firmware -
cisco webex_board_70_firmware -
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1542d_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel proset_ac_9462_firmware -
cisco aironet_1560_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
cisco aironet_1532_firmware -
cisco ip_phone_8861_firmware -
cisco ir829-2lte-ea-ek9_firmware -
arista c-100_firmware -
siemens scalance_wam766-1_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
siemens scalance_w786-2ia_firmware -
intel killer_ac_1550_firmware -
siemens scalance_wum763-1_firmware -
intel proset_ac_9560_firmware -
cisco meraki_mr46_firmware -
siemens scalance_w734-1_firmware -
cisco catalyst_9105_firmware -
cisco meraki_mr20_firmware -
cisco meraki_mr45_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco meraki_mr33_firmware -
cisco webex_room_70_firmware -
intel proset_ac_8260_firmware -
cisco catalyst_iw6300_dc_firmware -
cisco catalyst_9115axe_firmware -
arista c-230_firmware -
cisco catalyst_9120axp_firmware -
cisco webex_room_70_single_firmware -
arista c-250_firmware -
cisco meraki_mr44_firmware -
cisco aironet_2800i_firmware -
cisco aironet_1832_firmware -
cisco catalyst_iw6300_ac_firmware -
siemens scalance_w1788-2_firmware -
intel ac_8265_firmware -
siemens scalance_w1788-2ia_firmware -
cisco meraki_mr12_firmware -
cisco meraki_mr36_firmware -
cisco meraki_mr53e_firmware -
cisco 1100-4p_firmware -
siemens scalance_w1748-1_firmware -
cisco aironet_1815i_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco webex_room_kit_firmware -
cisco meraki_mr86_firmware -
cisco webex_board_55_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco webex_board_55s_firmware -
cisco aironet_1562i_firmware -
cisco catalyst_9115_firmware -
cisco catalyst_9117axi_firmware -
cisco ip_phone_8865_firmware -
siemens scalance_w786-2_firmware -
siemens scalance_wam763-1_firmware -
siemens scalance_w748-1_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco catalyst_9120axe_firmware -
cisco webex_room_70_single_g2_firmware -
cisco meraki_mr42_firmware -
siemens scalance_w788-2_firmware -
cisco aironet_1800i_firmware -
arista c-75_firmware -
cisco meraki_mr46e_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9130axi_firmware -
cisco webex_room_55_firmware -
cisco catalyst_9115_ap_firmware -
cisco aironet_1810_firmware -
cisco ip_phone_8832_firmware -
intel proset_ac_8265_firmware -
cisco aironet_2800e_firmware -
cisco aironet_1800_firmware -
arista c-235_firmware -
cisco aironet_4800_firmware -
cisco meraki_mx67w_firmware -
arista o-90_firmware -
intel ac_9260_firmware -
cisco aironet_2702_firmware -
siemens scalance_w761-1_firmware -
cisco esw6300_firmware -
siemens scalance_wum766-1_6ghz_firmware -
cisco meraki_mr53_firmware -
cisco catalyst_9130_firmware -
cisco aironet_1810w_firmware -
cisco webex_dx80_firmware -
cisco aironet_1852_firmware -
cisco meraki_z3_firmware -
cisco 1100-8p_firmware -
cisco meraki_mr26_firmware -
siemens scalance_w778-1_firmware -
cisco meraki_mr70_firmware -
siemens scalance_w1788-1_firmware -
cisco aironet_1552h_firmware -
siemens scalance_w721-1_firmware -
cisco catalyst_9124axi_firmware -
arista w-68_firmware -
cisco aironet_1552_firmware -
cisco aironet_1815_firmware -
arista c-200_firmware -
cisco meraki_mr62_firmware -
cisco aironet_1562e_firmware -
cisco catalyst_9115axi_firmware -
cisco meraki_mx65w_firmware -
cisco meraki_mx68cw_firmware -
siemens scalance_w1750d_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco catalyst_9120_ap_firmware -
cisco catalyst_9130_ap_firmware -
arista c-110_firmware -
intel proset_ac_9260_firmware -
cisco 1101-4p_firmware -
intel wi-fi_6_ax201_firmware -
cisco 1109-4p_firmware -
cisco catalyst_9120axi_firmware -
siemens scalance_w788-1_firmware -
cisco esw-6300-con-x-k9_firmware -
intel ac_8260_firmware -
cisco meraki_z3c_firmware -
cisco webex_room_70_dual_firmware -
cisco meraki_mr52_firmware -
cisco meraki_mr84_firmware -
cisco aironet_1562d_firmware -
cisco catalyst_iw6300_firmware -
intel proset_wi-fi_6e_ax210_firmware -
CVE-2020-26143 LOW

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
alfa awus036h_firmware 1030.36.604
arista c-65_firmware -
arista w-68_firmware -
arista o-90_firmware -
arista c-75_firmware -
CVE-2020-26144 LOW

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista c-230_firmware *
arista c-200_firmware *
arista o-90_firmware -
arista w-118_firmware *
arista o-105_firmware *
arista c-235_firmware *
arista c-100_firmware *
arista c-75_firmware -
arista c-260_firmware *
arista c-250_firmware *
arista c-130_firmware *
siemens scalance_w700_ieee_802.11ax_firmware *
arista c-65_firmware -
samsung galaxy_i9305_firmware 4.4.4
arista c-120_firmware *
arista w-68_firmware -
arista c-110_firmware *
CVE-2020-26146 LOW

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
siemens scalance_w700_ieee_802.11n_firmware *
arista c-230_firmware *
arista c-200_firmware *
siemens scalance_w1750d_firmware *
arista o-90_firmware -
arista w-118_firmware *
arista o-105_firmware *
arista c-235_firmware *
arista c-100_firmware *
arista c-75_firmware -
arista c-260_firmware *
siemens scalance_w1700_ieee_802.11ac_firmware *
arista c-250_firmware *
arista c-130_firmware *
arista c-65_firmware -
samsung galaxy_i9305_firmware 4.4.4
arista c-120_firmware *
arista w-68_firmware -
arista c-110_firmware *
CVE-2020-26147 LOW

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N 1.2 4.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
siemens scalance_w1700_ieee_802.11ac_firmware *
siemens scalance_w700_ieee_802.11n_firmware *
arista c-65_firmware -
debian debian_linux 9.0
linux linux_kernel *
arista w-68_firmware -
arista o-90_firmware -
arista c-75_firmware -
CVE-2020-26569 MEDIUM

In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos *
CVE-2020-3702 LOW

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,

Products Affected

Vendor Product Version
qualcomm sdx20_firmware -
qualcomm qcn5502_firmware -
qualcomm sm6150_firmware -
qualcomm apq8053_firmware -
qualcomm ipq4019_firmware -
arista access_point *
debian debian_linux 10.0
qualcomm qca9531_firmware -
qualcomm msm8996au_firmware -
qualcomm qcs405_firmware -
qualcomm ipq8064_firmware -
qualcomm sm7150_firmware -
debian debian_linux 9.0
qualcomm msm8909w_firmware -
CVE-2020-9015 HIGH

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista dcs-7050qx-32s-r_firmware 4.20.9m
arista dcs-7280sram-48c6-r_firmware 4.22.0.1f
arista dcs-7050cx3-32s-r_firmware 4.20.11m
CVE-2021-28493 MEDIUM

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@arista.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 2.0 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28494 MEDIUM

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@arista.com 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 3.1 5.8

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28495 MEDIUM

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L 3.9 2.7
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28496 MEDIUM

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.1 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,CWE-522,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28497 MEDIUM

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@arista.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,NVD-CWE-Other,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28498 HIGH

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.7 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,CWE-522,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28499 LOW

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
psirt@arista.com 6.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 2.0 3.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,CWE-522,

Products Affected

Vendor Product Version
arista metamako_operating_system *
CVE-2021-28500 MEDIUM

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28501 MEDIUM

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@arista.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista terminattr *
CVE-2021-28503 MEDIUM

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-305,CWE-287,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28504 MEDIUM

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-863,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28505 MEDIUM

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
psirt@arista.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-863,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28506 HIGH

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
psirt@arista.com 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,CWE-306,CWE-862,

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28507 MEDIUM

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 5.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N 1.2 4.2
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
arista eos 4.22.1f
arista eos *
arista eos 4.21.3f
arista eos 4.21.1f
arista eos 4.21.0f
arista eos 4.22.0f
CVE-2021-28508 LOW

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2
psirt@arista.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,CWE-319,

Products Affected

Vendor Product Version
arista eos *
arista terminattr *
CVE-2021-28509 LOW

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2
psirt@arista.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,CWE-319,

Products Affected

Vendor Product Version
arista eos *
arista terminattr *
CVE-2021-28510

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.

Products Affected

Vendor Product Version
arista eos *
CVE-2021-28511

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5
psirt@arista.com 5.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
arista eos *
CVE-2022-29071

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
psirt@arista.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
arista cloudvision_portal *
CVE-2023-24509

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
arista eos *
CVE-2023-24510

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
arista eos *
CVE-2023-24511

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
arista eos *
CVE-2023-24512

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
arista ceos-lab *
arista eos *
arista cloudeos -
arista veos-lab -
CVE-2023-24513

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 3.9 2.5

Products Affected

Vendor Product Version
arista cloudeos *
CVE-2023-24545

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
arista cloudeos *
CVE-2023-24546

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.

Products Affected

Vendor Product Version
arista cloudvision_portal 2022.1.1
arista cloudvision_portal 2022.2.0
arista cloudvision_portal *
arista cloudvision_portal 2022.1.0
arista cloudvision_portal 2022.3.0
arista cloudvision_portal 2022.2.1
CVE-2023-24547

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
psirt@arista.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

Products Affected

Vendor Product Version
arista mos *
CVE-2023-24548

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 5.3 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 1.6 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
arista eos 4.25.0f
arista eos *
CVE-2023-3646

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
arista eos *
CVE-2023-6068

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N 1.6 1.4

Products Affected

Vendor Product Version
arista multiaccess *
arista multiaccess 1.7.1
CVE-2024-12829

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
arista ng_firewall 17.1.1
CVE-2024-12830

Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
arista ng_firewall 17.1.1
CVE-2024-12831

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
arista ng_firewall 17.1.1
CVE-2024-12832

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
arista ng_firewall 17.1.1
CVE-2024-27889

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-47517

Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L 2.1 4.7

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-47518

Specially constructed queries targeting ETM could discover active remote access sessions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L 1.6 4.7

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-47519

Backup uploads to ETM subject to man-in-the-middle interception

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-47520

A user with advanced report application access rights can perform actions for which they are not authorized

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L 2.1 5.5

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
debian debian_linux 12.0
freebsd freebsd 14.1
netbsd netbsd *
freebsd freebsd 13.3
sonicwall sma_7210_firmware -
netapp ontap 9
openbsd openssh 4.4
netapp a800_firmware -
sonicwall sma_6210_firmware -
netapp 500f_firmware -
netapp ontap_select_deploy_administration_utility -
freebsd freebsd 14.0
netapp a90_firmware -
netapp a700s_firmware -
netapp e-series_santricity_os_controller *
canonical ubuntu_linux 24.04
openbsd openssh *
amazon linux_2023 -
netapp a400_firmware -
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
canonical ubuntu_linux 22.04
suse linux_enterprise_micro 6.0
netapp fas2750_firmware -
netapp c250_firmware -
canonical ubuntu_linux 23.04
netapp bootstrap_os -
netapp fas2720_firmware -
netapp fas2820_firmware -
redhat enterprise_linux 9.0
netapp a70_firmware -
amazon amazon_linux 2023.0
netapp c400_firmware -
canonical ubuntu_linux 22.10
openbsd openssh 8.5
netapp a250_firmware -
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_arm_64 9.0_aarch64
netapp a220_firmware -
arista eos *
canonical ubuntu_linux 23.10
netapp ontap_tools 10
openbsd openssh 8.6
netapp ontap_tools 9
sonicwall sma_8200v_firmware -
netapp a900_firmware -
netapp active_iq_unified_manager -
redhat enterprise_linux_server_aus 9.4
sonicwall sra_ex_7000_firmware -
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
apple macos *
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
netapp c190_firmware -
netapp 8700_firmware -
sonicwall sma_7200_firmware -
netapp a1k_firmware -
redhat enterprise_linux_eus 9.4
almalinux almalinux 9.0
netapp a9500_firmware -
redhat openshift_container_platform 4.0
netapp c800_firmware -
netapp 8300_firmware -
netapp a150_firmware -
freebsd freebsd 13.2
sonicwall sma_6200_firmware -
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
CVE-2024-9131

A user with administrator privileges can perform command injection

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-9132

The administrator is able to configure an insecure captive portal script

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-9133

A user with administrator privileges is able to retrieve authentication tokens

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 1.8 4.7

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-9134

Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2024-9188

Specially constructed queries cause cross platform scripting leaking administrator tokens

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@arista.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
arista ng_firewall *
CVE-2025-2767

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.

Products Affected

Vendor Product Version
arista ng_firewall 17.1.1