7.5

CVE-2020-11622

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.

Data is provided by the National Vulnerability Database (NVD)
AristaCloudeos Version >= 4.21.3m <= 4.21.9m
AristaCloudeos Version >= 4.22.0 <= 4.22.4m
AristaCloudeos Version >= 4.23.0 <= 4.23.2m
AristaCloudeos Version4.21.3fx-7368
AristaCloudeos Version4.21.4-fcrfx
AristaCloudeos Version4.21.4.1
AristaCloudeos Version4.21.7.1
AristaCloudeos Version4.22.2.0.1
AristaCloudeos Version4.22.2.2.1
AristaCloudeos Version4.22.3.1
AristaCloudeos Version4.23.2.1
AristaVeos Version >= 4.21.3m <= 4.21.9m
AristaVeos Version >= 4.22.0 <= 4.22.4m
AristaVeos Version >= 4.23.0 <= 4.23.2m
AristaVeos Version4.21.3fx-7368
AristaVeos Version4.21.4-fcrfx
AristaVeos Version4.21.4.1
AristaVeos Version4.21.7.1
AristaVeos Version4.22.2.0.1
AristaVeos Version4.22.2.2.1
AristaVeos Version4.22.3.1
AristaVeos Version4.23.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.35% 0.542
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P