CVE-2020-11622

Name: CVE-2020-11622
Creator: NVD / NIST
Published: 2020-06-10T20:15:13.157+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.28%

Last modified Jun 17, 2026

CVE-2020-11622 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.. EPSS estimates a 1.28% chance of exploitation in the next 30 days.

Description

A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.28%

66.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Arista	Cloudeos	>= 4.21.3m, <= 4.21.9m
Arista	Cloudeos	>= 4.22.0, <= 4.22.4m
Arista	Cloudeos	>= 4.23.0, <= 4.23.2m
Arista	Cloudeos	4.21.3fx-7368
Arista	Cloudeos	4.21.4-fcrfx
Arista	Cloudeos	4.21.4.1
Arista	Cloudeos	4.21.7.1
Arista	Cloudeos	4.22.2.0.1
Arista	Cloudeos	4.22.2.2.1
Arista	Cloudeos	4.22.3.1
Arista	Cloudeos	4.23.2.1
Arista	Veos	>= 4.21.3m, <= 4.21.9m
Arista	Veos	>= 4.22.0, <= 4.22.4m
Arista	Veos	>= 4.23.0, <= 4.23.2m
Arista	Veos	4.21.3fx-7368
Arista	Veos	4.21.4-fcrfx
Arista	Veos	4.21.4.1
Arista	Veos	4.21.7.1
Arista	Veos	4.22.2.0.1
Arista	Veos	4.22.2.2.1
Arista	Veos	4.22.3.1
Arista	Veos	4.23.2.1

References

https://www.arista.com/en/support/advisories-noticesVendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11195-security-advisory-49Mitigation, Vendor Advisory
https://www.arista.com/en/support/advisories-noticesVendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/11195-security-advisory-49Mitigation, Vendor Advisory

Timeline

Published: Jun 10, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-11622?

How severe is CVE-2020-11622?

CVE-2020-11622 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.

How do I fix CVE-2020-11622?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11622?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST