CVE-2020-15898
https://notcve.org/view.php?id=CVE-2020-15898
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. • https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56 •
CVE-2020-26569
https://notcve.org/view.php?id=CVE-2020-26569
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. En unas configuraciones EVPN VxLAN en Arista EOS, los paquetes malformados específicos pueden conllevar a enlaces incorrectos de MAC a IP y, como resultado, los paquetes pueden ser reenviados incorrectamente a través de los límites de la VLAN. Esto puede causar que el tráfico se descarte en la VLAN receptora. • https://www.arista.com/en/support/advisories-notices/security-advisories/11997-security-advisory-57 •