vulnerability
security-advisory-0080
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:L/Au:N/C:N/I:P/A:N) | Sep 27, 2022 | Sep 4, 2024 | Apr 29, 2025 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:N)
Published
Sep 27, 2022
Added
Sep 4, 2024
Modified
Apr 29, 2025
Description
This advisory documents the impact of 4 publicly disclosed vulnerabilities within Ethernet encapsulation protocols on Arista products. These issues affect multiple networking vendors and the coordination of this disclosure has been handled by IEEE. The issues involve how L2 network security controls can be bypassed using VLAN 0 stacking or 802.3 LLC headers with invalid length. An attacker can send crafted packets through vulnerable devices to cause Denial-of-Service (DoS) or to perform a Man-in-the-Middle (MitM) attack against L2 reachable hosts in the network. As of the time of this publication, Arista is not aware of any malicious uses of this issue in customer networks.
Solution
upgrade-solution-CVE-2021-27853
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.