CVE-2020-11622

moderate-risk
Published 2020-06-10

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.

Do I need to act?

-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (18)

Cloudeos
Cloudeos
Cloudeos
Cloudeos
Cloudeos
Cloudeos
Cloudeos
Cloudeos
Cloudeos
Veos
Veos
Veos
Veos
Veos
Veos
Veos
Veos
Veos

Affected Vendors

Arista

References (4)

Vendor Advisory https://www.arista.com/en/support/advisories-notices
Mitigation https://www.arista.com/en/support/advisories-notices/security-advisories/11195-s...
Vendor Advisory https://www.arista.com/en/support/advisories-notices
Mitigation https://www.arista.com/en/support/advisories-notices/security-advisories/11195-s...
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate