CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9015

Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands

Exploit prediction scoring system (EPSS) score

EPSS Score 0.656

EPSS Ranking 98.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2020-9015

Arista » Dcs-7050cx3-32s-R » Version: N/A

cpe:2.3:h:arista:dcs-7050cx3-32s-r:-
Arista » Dcs-7050qx-32s-R » Version: N/A

cpe:2.3:h:arista:dcs-7050qx-32s-r:-
Arista » Dcs-7280sram-48c6-R » Version: N/A

cpe:2.3:h:arista:dcs-7280sram-48c6-r:-
Arista » Dcs-7050cx3-32s-R Firmware » Version: 4.20.11m

cpe:2.3:o:arista:dcs-7050cx3-32s-r_firmware:4.20.11m
Arista » Dcs-7050qx-32s-R Firmware » Version: 4.20.9m

cpe:2.3:o:arista:dcs-7050qx-32s-r_firmware:4.20.9m
Arista » Dcs-7280sram-48c6-R Firmware » Version: 4.22.0.1f

cpe:2.3:o:arista:dcs-7280sram-48c6-r_firmware:4.22.0.1f

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-9015

Products

Pricing

Contact Us