{
  "product_tree": {
    "full_product_names": [
      {
        "product_id": "EOS-4.22.1", 
        "name": "EOS version 4.22.1"
      }, 
      {
        "product_id": "EOS-4.22.7", 
        "name": "EOS version 4.22.7"
      }, 
      {
        "product_id": "EOS-4.23.5", 
        "name": "EOS version 4.23.5"
      }, 
      {
        "product_id": "EOS-4.24.3", 
        "name": "EOS version 4.24.3"
      }, 
      {
        "product_id": "EOS-4.25.0", 
        "name": "EOS version 4.25.0"
      }, 
      {
        "product_id": "EOS-4.22.3", 
        "name": "EOS version 4.22.3"
      }, 
      {
        "product_id": "EOS-4.22.4", 
        "name": "EOS version 4.22.4"
      }, 
      {
        "product_id": "EOS-4.22.5", 
        "name": "EOS version 4.22.5"
      }, 
      {
        "product_id": "7500R3", 
        "name": "7500R3 series"
      }, 
      {
        "product_id": "DCS-7280R3", 
        "name": "DCS-7280R3 series"
      }, 
      {
        "product_id": "DCS-7800R3", 
        "name": "DCS-7800R3 series"
      }, 
      {
        "product_id": "EOS-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
        "name": "EOS Hotfix SecurityAdvisory0059Hotfix.swix v1.0"
      }
    ], 
    "relationships": [
      {
        "category": "installed_on", 
        "relates_to_product_reference": "7500R3", 
        "full_product_name": {
          "name": "EOS version 4.22.1 installed on 7500R3", 
          "product_id": "EOS-4.22.1-7500R3"
        }, 
        "product_reference": "EOS-4.22.1"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "7500R3", 
        "full_product_name": {
          "name": "EOS version 4.22.7 installed on 7500R3", 
          "product_id": "EOS-4.22.7-7500R3"
        }, 
        "product_reference": "EOS-4.22.7"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "7500R3", 
        "full_product_name": {
          "name": "EOS version 4.23.5 installed on 7500R3", 
          "product_id": "EOS-4.23.5-7500R3"
        }, 
        "product_reference": "EOS-4.23.5"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "7500R3", 
        "full_product_name": {
          "name": "EOS version 4.24.3 installed on 7500R3", 
          "product_id": "EOS-4.24.3-7500R3"
        }, 
        "product_reference": "EOS-4.24.3"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "7500R3", 
        "full_product_name": {
          "name": "EOS version 4.25.0 installed on 7500R3", 
          "product_id": "EOS-4.25.0-7500R3"
        }, 
        "product_reference": "EOS-4.25.0"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7280R3", 
        "full_product_name": {
          "name": "EOS version 4.22.1 installed on DCS-7280R3", 
          "product_id": "EOS-4.22.1-DCS-7280R3"
        }, 
        "product_reference": "EOS-4.22.1"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7280R3", 
        "full_product_name": {
          "name": "EOS version 4.22.7 installed on DCS-7280R3", 
          "product_id": "EOS-4.22.7-DCS-7280R3"
        }, 
        "product_reference": "EOS-4.22.7"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7280R3", 
        "full_product_name": {
          "name": "EOS version 4.23.5 installed on DCS-7280R3", 
          "product_id": "EOS-4.23.5-DCS-7280R3"
        }, 
        "product_reference": "EOS-4.23.5"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7280R3", 
        "full_product_name": {
          "name": "EOS version 4.24.3 installed on DCS-7280R3", 
          "product_id": "EOS-4.24.3-DCS-7280R3"
        }, 
        "product_reference": "EOS-4.24.3"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7280R3", 
        "full_product_name": {
          "name": "EOS version 4.25.0 installed on DCS-7280R3", 
          "product_id": "EOS-4.25.0-DCS-7280R3"
        }, 
        "product_reference": "EOS-4.25.0"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7800R3", 
        "full_product_name": {
          "name": "EOS version 4.22.1 installed on DCS-7800R3", 
          "product_id": "EOS-4.22.1-DCS-7800R3"
        }, 
        "product_reference": "EOS-4.22.1"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7800R3", 
        "full_product_name": {
          "name": "EOS version 4.22.7 installed on DCS-7800R3", 
          "product_id": "EOS-4.22.7-DCS-7800R3"
        }, 
        "product_reference": "EOS-4.22.7"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7800R3", 
        "full_product_name": {
          "name": "EOS version 4.23.5 installed on DCS-7800R3", 
          "product_id": "EOS-4.23.5-DCS-7800R3"
        }, 
        "product_reference": "EOS-4.23.5"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7800R3", 
        "full_product_name": {
          "name": "EOS version 4.24.3 installed on DCS-7800R3", 
          "product_id": "EOS-4.24.3-DCS-7800R3"
        }, 
        "product_reference": "EOS-4.24.3"
      }, 
      {
        "category": "installed_on", 
        "relates_to_product_reference": "DCS-7800R3", 
        "full_product_name": {
          "name": "EOS version 4.25.0 installed on DCS-7800R3", 
          "product_id": "EOS-4.25.0-DCS-7800R3"
        }, 
        "product_reference": "EOS-4.25.0"
      }, 
      {
        "category": "installed_with", 
        "relates_to_product_reference": "EOS-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
        "full_product_name": {
          "name": "EOS version 4.22.3 with Hotfix SecurityAdvisory0059Hotfix.swix v1.0", 
          "product_id": "EOS-4.22.3-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0"
        }, 
        "product_reference": "EOS-4.22.3"
      }, 
      {
        "category": "installed_with", 
        "relates_to_product_reference": "EOS-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
        "full_product_name": {
          "name": "EOS version 4.22.4 with Hotfix SecurityAdvisory0059Hotfix.swix v1.0", 
          "product_id": "EOS-4.22.4-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0"
        }, 
        "product_reference": "EOS-4.22.4"
      }, 
      {
        "category": "installed_with", 
        "relates_to_product_reference": "EOS-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
        "full_product_name": {
          "name": "EOS version 4.22.5 with Hotfix SecurityAdvisory0059Hotfix.swix v1.0", 
          "product_id": "EOS-4.22.5-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0"
        }, 
        "product_reference": "EOS-4.22.5"
      }
    ]
  }, 
  "vulnerabilities": [
    {
      "references": [
        {
          "category": "external", 
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24360", 
          "summary": "MITRE link"
        }, 
        {
          "category": "external", 
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59", 
          "summary": "Security Advisory 59"
        }
      ], 
      "remediations": [
        {
          "category": "vendor_fix", 
          "details": "Fixed in EOS version 4.22.7", 
          "date": "2021-07-29T17:49:13Z"
        }, 
        {
          "category": "vendor_fix", 
          "details": "Fixed in EOS version 4.23.5", 
          "date": "2021-07-29T17:49:13Z"
        }, 
        {
          "category": "vendor_fix", 
          "details": "Fixed in EOS version 4.24.3", 
          "date": "2021-07-29T17:49:13Z"
        }, 
        {
          "category": "vendor_fix", 
          "details": "Fixed in EOS version 4.25.0", 
          "date": "2021-07-29T17:49:13Z"
        }, 
        {
          "category": "mitigation", 
          "date": "2021-07-29T17:49:13Z", 
          "details": "Hotfix: SecurityAdvisory0059Hotfix.swix, v1.0. SHA-512 hash: a33bc69f853269cfac2cf67c57033538100d5c356757ae0381614d10f537a2859db2d40bc29ff0eb37def08f12d15e4288293e25341c2a26453c562c4188730a. Verify the downloaded file against this hash before installing it.", 
          "url": "https://www.arista.com/assets/data/SecurityAdvisories/SA59/SecurityAdvisory0059Hotfix.swix", 
          "product_ids": [
            "EOS-4.22.3", 
            "EOS-4.22.4", 
            "EOS-4.22.5"
          ]
        }
      ], 
      "scores": [
        {
          "products": [
            "EOS-4.22.1", 
            "EOS-4.22.7", 
            "EOS-4.23.5", 
            "EOS-4.24.3", 
            "EOS-4.25.0", 
            "7500R3", 
            "DCS-7280R3", 
            "DCS-7800R3"
          ], 
          "cvss_v31": {
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", 
            "version": "3.1", 
            "baseSeverity": "High", 
            "baseScore": "7.4"
          }
        }
      ], 
      "product_status": {
        "first_fixed": [
          "EOS-4.22.3-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
          "EOS-4.22.4-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0", 
          "EOS-4.22.5-Hotfix-SecurityAdvisory0059Hotfix.swix-v1.0"
        ], 
        "first_affected": [
          "EOS-4.22.1"
        ], 
        "fixed": [
          "EOS-4.22.7", 
          "EOS-4.23.5", 
          "EOS-4.24.3", 
          "EOS-4.25.0"
        ]
      }, 
      "title": "CVE-2020-24360", 
      "notes": [
        {
          "category": "description", 
          "text": "This advisory documents the impact of a vulnerability in Arista\u2019s EOS affecting the 7800R3 series, the 7500R3 series and the 7280R3 series of products. Affected software releases are listed below. An issue with ARP packets may cause a kernel crash, followed by a device reload. Bug 504140 tracks this issue for EOS.\n", 
          "title": "CVE Description"
        }, 
        {
          "category": "other", 
          "text": "Platforms from the Arista R3 series running the affected software with both \u2018ip routing\u2019 enabled and Layer 3 interfaces configured, either as a routed port or as an SVI, are vulnerable. The recommendation is to install the hotfix or upgrade to a remediated EOS version. The show commands below help determine whether the required configuration is in use by identifying the presence of Layer 3 interfaces and ip routing configuration (relevant outputs highlighted in red). In the example below, Ethernet1 is a routed port and Vlan4000 is an SVI - both are Layer 3 interfaces.\n\nswitch#show ip interfaces brief\nInterface      IP Address         Status       Protocol   MTU\n------------- ----------------  ------------ ----------- ------\nEthernet1      172.15.100.109/30    up           up       1500\nEthernet2      172.15.100.113/30    up           up       1500\nLoopback0      172.15.0.21/32       up           up       65535\nManagement1    10.90.165.21/24      up           up       1500\nVlan4000       192.168.1.2/30       up           up       1500\n\nswitch#show run section ip routing\nip routing\n", 
          "title": "Required Config for Exploitation"
        }
      ], 
      "cve": "CVE-2020-24360", 
      "id": {
        "system_name": "Arista Bug ID", 
        "text": "504140"
      }
    }
  ], 
  "document": {
    "category": "Security Advisory", 
    "publisher": {
      "contact_details": "support@arista.com", 
      "name": "Arista PSIRT", 
      "category": "vendor"
    }, 
    "tracking": {
      "status": "final", 
      "current_release_date": "2021-07-29T17:49:13Z", 
      "revision_history": [
        {
          "date": "2021-07-29T17:49:13Z", 
          "number": "1.0.0", 
          "summary": "Document created."
        }
      ], 
      "version": "1.0.0", 
      "initial_release_date": "2021-07-29T17:49:13Z", 
      "id": "CVE-2020-24360 - Security Advisory 59"
    }, 
    "title": "CSAF-SecurityAdvisory0059", 
    "csaf_version": "2.0"
  }
}