Vulnerability Details : CVE-2019-18948
An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.
Products affected by CVE-2019-18948
- cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.16:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.17:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.18:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:arista:eos:4.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18948
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18948
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2019-18948
-
https://www.arista.com/en/support/advisories-notices/security-advisories/10292-security-advisory-47
Security Advisory 0047 - AristaPatch;Vendor Advisory
Jump to