Vulnerability Details CVE-2020-11622
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices/security-advisories/11195-security-advisory-49
- https://www.arista.com/en/support/advisories-notices
- https://www.arista.com/en/support/advisories-notices/security-advisories/11195-security-advisory-49
Products affected by CVE-2020-11622
-
cpe:2.3:a:arista:cloudeos:4.21.3fx-7368
-
cpe:2.3:a:arista:cloudeos:4.21.3m
-
cpe:2.3:a:arista:cloudeos:4.21.4-fcrfx
-
cpe:2.3:a:arista:cloudeos:4.21.4.1
-
cpe:2.3:a:arista:cloudeos:4.21.7.1
-
cpe:2.3:a:arista:cloudeos:4.21.9m
-
cpe:2.3:a:arista:cloudeos:4.22.0
-
cpe:2.3:a:arista:cloudeos:4.22.2.0.1
-
cpe:2.3:a:arista:cloudeos:4.22.2.2.1
-
cpe:2.3:a:arista:cloudeos:4.22.3.1
-
cpe:2.3:a:arista:cloudeos:4.22.4m
-
cpe:2.3:a:arista:cloudeos:4.23.0
-
cpe:2.3:a:arista:cloudeos:4.23.2.1
-
cpe:2.3:a:arista:cloudeos:4.23.2m
-
cpe:2.3:a:arista:veos:4.21.3fx-7368
-
cpe:2.3:a:arista:veos:4.21.3m
-
cpe:2.3:a:arista:veos:4.21.4-fcrfx
-
cpe:2.3:a:arista:veos:4.21.4.1
-
cpe:2.3:a:arista:veos:4.21.7.1
-
cpe:2.3:a:arista:veos:4.21.9m
-
cpe:2.3:a:arista:veos:4.22.0
-
cpe:2.3:a:arista:veos:4.22.2.0.1
-
cpe:2.3:a:arista:veos:4.22.2.2.1
-
cpe:2.3:a:arista:veos:4.22.3.1
-
cpe:2.3:a:arista:veos:4.22.4m
-
cpe:2.3:a:arista:veos:4.23.0
-
cpe:2.3:a:arista:veos:4.23.2.1
-
cpe:2.3:a:arista:veos:4.23.2m