All the vulnerabilities related to arista - 7280cr3-32d4
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 08:17
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Source | URL | Tags
---|---|---
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24F7B09D-0669-4855-A981-E462090A10F0", "versionEndIncluding": "4.28.5.1m", "versionStartIncluding": "4.28.2f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50", "versionEndExcluding": "4.29.2f", "versionStartIncluding": "4.29.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A375EB2-6D78-4D81-AB8D-4AC501DC0A4F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8CA46EA-F9AE-42FA-A0D9-EDB82060AB6D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F9FD45E-2D76-43A0-AE2A-C6DC59C45984", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false 
}, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29", "vulnerable": 
false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n" } ], "id": "CVE-2023-3646", "lastModified": "2024-11-21T08:17:44.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": 
"psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-29T17:15:12.727", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-26 20:15
Modified
2024-11-21 05:59
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:ccs-722xpm-48y4:-:*:*:*:*:*:*:*", "matchCriteriaId": "074CBF00-1D2C-4388-874A-62453B1D4564", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-722xpm-48zy8:-:*:*:*:*:*:*:*", "matchCriteriaId": "D15C1D00-5F35-4F67-8075-D84D3BD9CE73", "vulnerable": 
false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"828C6E4F-814A-4060-8F5E-7FF359C8739C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", "matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7C133EA-753A-4770-AEF8-11AC8E901F1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3-32s-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6F270D9-1B05-4CBC-BEE0-0850C94BB9F0", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D11D6B9-1E68-4A65-A9CD-8DD299EC6B25", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B7A876-587F-4C51-BE49-C82F6508C536", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48yc12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEB629B5-7E62-4972-A288-EF76FFA3E441", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "33079D44-2255-4682-A4BC-4B071D8EDCFA", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "69F1C5CA-19D7-4F40-93EB-97F44DCD5DCB", "vulnerable": false } ], "negate": 
false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr2ak-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "99506386-8D68-46F4-AEA9-4C16C16545B9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F569286-C19F-48CB-AB24-89C4A1EB6F81", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16CB1780-6DEC-4140-A771-9139C77A8A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "11DE9CB6-4453-4EED-B7FC-6374F9225B83", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057906A-B27B-4B53-97F6-3F5F35794990", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CB1AAF-FC82-4A80-9932-42E8EFA3906A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "583725F6-8583-425C-A847-700DBB9169E7", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C6A4B3C-FF12-4DCD-9945-8450AD0BDEED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "47F31557-7A87-4769-8DDB-6F8CFCEC97E9", "versionEndExcluding": "1.19.0", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "468664F6-B038-4443-86B2-CC82C3D0A2EB", "versionEndExcluding": "4.27.2", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66E706E-56FB-4A49-BD90-76A8CB6BE391", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device." }, { "lang": "es", "value": "Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en el agente de telemetr\u00eda de flujo de estado de Arista EOS TerminAttr y los protocolos de transporte OpenConfig. 
El impacto de esta vulnerabilidad es que, en determinadas condiciones, TerminAttr podr\u00eda filtrar datos confidenciales de IPsec en texto sin cifrar en CVP a otros usuarios autorizados, lo que podr\u00eda causar que el tr\u00e1fico IPsec sea descifrado o modificado por otros usuarios autorizados en el dispositivo" } ], "id": "CVE-2021-28508", "lastModified": "2024-11-21T05:59:48.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-26T20:15:08.447", "references": [ { "source": 
"psirt@arista.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-26 20:15
Modified
2024-11-21 05:59
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:ccs-722xpm-48y4:-:*:*:*:*:*:*:*", "matchCriteriaId": "074CBF00-1D2C-4388-874A-62453B1D4564", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-722xpm-48zy8:-:*:*:*:*:*:*:*", "matchCriteriaId": "D15C1D00-5F35-4F67-8075-D84D3BD9CE73", "vulnerable": 
false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"828C6E4F-814A-4060-8F5E-7FF359C8739C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", "matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7C133EA-753A-4770-AEF8-11AC8E901F1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3-32s-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6F270D9-1B05-4CBC-BEE0-0850C94BB9F0", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D11D6B9-1E68-4A65-A9CD-8DD299EC6B25", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B7A876-587F-4C51-BE49-C82F6508C536", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48yc12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEB629B5-7E62-4972-A288-EF76FFA3E441", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "33079D44-2255-4682-A4BC-4B071D8EDCFA", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "69F1C5CA-19D7-4F40-93EB-97F44DCD5DCB", "vulnerable": false } ], "negate": 
false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr2ak-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "99506386-8D68-46F4-AEA9-4C16C16545B9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F569286-C19F-48CB-AB24-89C4A1EB6F81", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16CB1780-6DEC-4140-A771-9139C77A8A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "11DE9CB6-4453-4EED-B7FC-6374F9225B83", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057906A-B27B-4B53-97F6-3F5F35794990", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CB1AAF-FC82-4A80-9932-42E8EFA3906A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "583725F6-8583-425C-A847-700DBB9169E7", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C6A4B3C-FF12-4DCD-9945-8450AD0BDEED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3871AE3-43FC-4004-ACBD-8460FB89DED5", "versionEndExcluding": "1.10.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2E40AC-033C-4A35-AE27-6429B1DF27E7", "versionEndExcluding": "1.16.8", "versionStartIncluding": "1.11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5302364-97A9-470A-A2CE-B12B51DAF845", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.17.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "16525FC4-B685-49F7-A4D1-6581E27A1FE2", "versionEndIncluding": "4.23.11", "versionStartIncluding": "4.23", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC54BB20-D62F-476D-8A15-8F4D3B8AF389", "versionEndExcluding": "4.24.10", "versionStartIncluding": "4.24", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD6AD50F-4318-4F22-A5F2-AC4A62156A51", "versionEndExcluding": "4.25.8", "versionStartIncluding": "4.25", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E76257-58E0-49F3-BE6E-063F6B061243", "versionEndExcluding": "4.26.6", "versionStartIncluding": "4.26", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "033E2C2B-5214-4E6F-A6ED-BA0B1EA0D09C", "versionEndExcluding": "4.27.4", "versionStartIncluding": "4.27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66E706E-56FB-4A49-BD90-76A8CB6BE391", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device." }, { "lang": "es", "value": "Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en los protocolos de transporte TerminAttr y OpenConfig del agente de telemetr\u00eda de transmisi\u00f3n de estados de Arista EOS. 
El impacto de esta vulnerabilidad es que, en determinadas condiciones, TerminAttr podr\u00eda filtrar datos confidenciales MACsec en texto sin cifrar en CVP a otros usuarios autorizados, lo que podr\u00eda causar que el tr\u00e1fico MACsec sea descifrado o modificado por otros usuarios autorizados en el dispositivo" } ], "id": "CVE-2021-28509", "lastModified": "2024-11-21T05:59:48.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-26T20:15:08.500", "references": [ { "source": 
"psirt@arista.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 07:48
Severity
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | 4.25.0f | |
arista | 7280cr3-32d4 | - | |
arista | 7280cr3-32p4 | - | |
arista | 7280cr3-36s | - | |
arista | 7280cr3-96 | - | |
arista | 7280cr3a-24d12 | - | |
arista | 7280cr3a-48d6 | - | |
arista | 7280cr3a-72 | - | |
arista | 7280dr3-24 | - | |
arista | 7280dr3a-36 | - | |
arista | 7280dr3a-54 | - | |
arista | 7280dr3ak-36 | - | |
arista | 7280dr3ak-54 | - | |
arista | 7280dr3am-36 | - | |
arista | 7280dr3am-54 | - | |
arista | 7280pr3-24 | - | |
arista | 7280r3 | - | |
arista | 7280sr3-40yc6 | - | |
arista | 7280sr3-48yc8 | - | |
arista | 7280tr3-40c6 | - | |
arista | 7500r3-24d | - | |
arista | 7500r3-24p | - | |
arista | 7500r3-36cq | - | |
arista | 7500r3k-36cq | - | |
arista | 7500r3k-48y4d | - | |
arista | 7504r3 | - | |
arista | 7508r3 | - | |
arista | 7512r3 | - | |
arista | 7800r3-36d | - | |
arista | 7800r3-36p | - | |
arista | 7800r3-48cq | - | |
arista | 7800r3a-36d | - | |
arista | 7800r3a-36dm | - | |
arista | 7800r3a-36p | - | |
arista | 7800r3a-36pm | - | |
arista | 7800r3ak-36dm | - | |
arista | 7800r3ak-36pm | - | |
arista | 7800r3k-36dm | - | |
arista | 7800r3k-48cq | - | |
arista | 7800r3k-48cqms | - | |
arista | 7800r3k-72y7512r3 | - | |
arista | 7808r3 | - | |
arista | 7812r3 | - | |
arista | 7816r3 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9F1F226-FDB1-4452-B166-D08635DAEC5B", "versionEndIncluding": "4.22.13m", "versionStartIncluding": "4.22.1f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BE6AE1-4649-4E0B-A4CA-2632CD400940", "versionEndIncluding": "4.23.14m", "versionStartIncluding": "4.23.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2909559A-6FB4-400C-A1AE-BF2B883F4964", "versionEndIncluding": "4.24.11m", "versionStartIncluding": "4.24.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*", "matchCriteriaId": "37536357-7701-48BE-9751-9BADD8E4AAAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", 
"vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n" } ], "id": "CVE-2023-24548", "lastModified": "2024-11-21T07:48:06.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-29T17:15:11.790", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-28 19:15
Modified
2024-11-21 05:14
Severity
Summary
An issue with ARP packet handling in Arista’s EOS, affecting the 7800R3, 7500R3, and 7280R3 series of products, may cause a kernel crash followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and earlier releases in the 4.24.x train; 4.23.4M and earlier releases in the 4.23.x train; 4.22.6M and earlier releases in the 4.22.x train.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | 7280cr2ak-30 | - | |
arista | 7280cr2k-60 | - | |
arista | 7280cr3-32d4 | - | |
arista | 7280cr3-32p4 | - | |
arista | 7280cr3-96 | - | |
arista | 7280cr3k-32d4 | - | |
arista | 7280cr3k-32p4 | - | |
arista | 7280cr3k-96 | - | |
arista | 7280dr3-24 | - | |
arista | 7280dr3k-24 | - | |
arista | 7280pr3-24 | - | |
arista | 7280pr3k-24 | - | |
arista | 7280sr3-48yc8 | - | |
arista | 7280sr3k-48yc8 | - | |
arista | 7500r3-24d | - | |
arista | 7500r3-24p | - | |
arista | 7500r3-36cq | - | |
arista | 7500r3k-36cq | - | |
arista | 7504r3 | - | |
arista | 7508r3 | - | |
arista | 7512r3 | - | |
arista | 7800r3-36p | - | |
arista | 7800r3-48cq | - | |
arista | 7800r3k-48cq | - | |
arista | 7804r3 | - | |
arista | 7808r3 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "188A9EBD-1DD4-4111-A66D-67C0A0035662", "versionEndIncluding": "4.22.6m", "versionStartIncluding": "4.22.0f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F80FCF7B-38CD-43B5-82EE-139A0D249D70", "versionEndIncluding": "4.23.4m", "versionStartIncluding": "4.23.0f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AA43823-81E3-461A-8DC0-0D74D075A0FD", "versionEndIncluding": "4.24.2.4f", "versionStartIncluding": "4.24.0f", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr2ak-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "99506386-8D68-46F4-AEA9-4C16C16545B9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F569286-C19F-48CB-AB24-89C4A1EB6F81", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16CB1780-6DEC-4140-A771-9139C77A8A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "11DE9CB6-4453-4EED-B7FC-6374F9225B83", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057906A-B27B-4B53-97F6-3F5F35794990", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A54F3D32-5A07-4791-90BF-96BD8A24C2F6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue with ARP packets in Arista\u2019s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train." }, { "lang": "es", "value": "Un problema con los paquetes ARP en el EOS de Arista afectando a la serie de productos 7800R3, 7500R3 y 7280R3, puede resultar en un problema que causa un bloqueo del kernel, seguido de una recarga del dispositivo.\u0026#xa0;Las versiones de Arista EOS afectadas son: 4.24.2.4F y versiones por debajo en el tren 4.24.x;\u0026#xa0;4.23.4M y versiones por debajo en el tren 4.23.x;\u0026#xa0;4.22.6M y versiones por debajo en el tren 4.22.x" } ], "id": "CVE-2020-24360", "lastModified": "2024-11-21T05:14:39.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-28T19:15:12.847", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-404" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-12 21:15
Modified
2024-11-21 07:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 | Exploit, Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "341CA00E-8BDE-4BF9-90D4-7B07FC484D18", "versionEndExcluding": "4.26.10m", "versionStartIncluding": "4.26.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "00A7CEC1-C298-4AEE-A079-550167C2AA3A", "versionEndExcluding": "4.27.9m", "versionStartIncluding": "4.27.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "32D876FE-C639-4870-A412-0239EA0155D0", "versionEndExcluding": "4.28.6m", "versionStartIncluding": "4.28.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50", "versionEndExcluding": "4.29.2f", "versionStartIncluding": "4.29.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:ceos-lab:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EFB5B5B-42EE-413E-9EA6-0A9C9DF4EA87", "vulnerable": false }, { "criteria": "cpe:2.3:a:arista:cloudeos:-:*:*:*:*:*:*:*", "matchCriteriaId": "362F2E0F-3D40-444F-87F3-21CA70B1AD04", "vulnerable": false }, { "criteria": "cpe:2.3:a:arista:veos-lab:-:*:*:*:*:*:*:*", "matchCriteriaId": "04B29E15-3CFB-45EC-B252-8F02CC1E589C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7010t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BC3D5B4-3B6F-4F15-9CAA-B0D08B53FFC6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7010t-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CCF6152-815E-4B3C-AE4B-CA598BEBD020", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7010tx-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E00C871-8EB3-4241-95F3-83A524A79FB3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7010tx-48-dc:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1CC52FD-29BE-4037-9A7C-264ACF9F6C0D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"7781CB15-3452-47D9-A961-8B09F2E9AEC1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:*", "matchCriteriaId": "09A31FB8-512E-43EF-8F87-E02E35F5251E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBFF922-28D7-42D6-8796-91AD9A178D28", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "561B4042-DFD3-4BC0-9C5F-74799A7E92C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "828C6E4F-814A-4060-8F5E-7FF359C8739C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "253D74DE-97F5-40F3-B179-D2D4442C57FD", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "75E03F9E-522F-4D9B-9267-09E2550B5465", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "895A7AFD-BE76-47F5-B67B-6279046E4274", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "74E258EC-EA50-4185-AA35-5D963C359E74", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "1482D4FC-60B9-4C89-B892-71AA3E1031F3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "C99D84E9-2229-459E-AE90-49C2EF670884", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "D922C725-1139-4DD4-92FC-9FF15E35CE62", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "78E7CDCC-ADC6-4854-BFC4-72DA47C5F10B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B03678D-AD7B-4B1A-8E6A-1811DD8B1483", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "E803639C-13A1-48CA-A589-C83654AE454F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "A495D282-D3DC-4D18-AB72-2358834C238E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D518C8D5-A86B-46E5-A646-8939BFA2E116", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1608297-7079-4F3B-857E-708B74E944D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*", "matchCriteriaId": "806A01C5-231D-4F9D-A292-E9DD706A0C66", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC10746F-8FC0-49EF-BB9C-EC49B734DFA3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "26582E98-B710-46D7-B8F2-9286E0592FA6", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7150s-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "93D74C0B-E470-4D45-98E2-775DE43997DF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150s-52:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B2CAA23-003C-43E6-87CE-61E4369C2D30", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150s-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7445075-D130-472C-B259-6BACE678541D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150sc-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF3FA52A-3A67-4515-9790-598860102893", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150sc-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "6336F166-FAD3-4846-84B9-45F5FAA3D437", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-32cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "7620401C-FB14-46F1-979B-B21194F90945", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-48tc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DFC236-44B3-4EEF-8937-4F86EE99EB45", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-48yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "823E5569-C918-40E6-A2C5-7C415E4ADEF5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8EFEEA5-0FC4-4FFC-BF5D-BDBAA1B55C70", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2959C68-8731-4F37-B9E7-61E5936D3D8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6FB3395-8D13-4477-A46E-37A88272CFAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170b-64c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EE3572E-A724-4057-8776-7A95528DCEE7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720df-48y:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8FCDB83-38D5-4F02-97E2-BBEF891DCDD7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dp-24s:-:*:*:*:*:*:*:*", "matchCriteriaId": "80EAF795-EB62-4A86-A0FC-A09008E631A6", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:720dp-48s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA03BA0B-BB2D-41CF-BA2E-B21604D6FBC1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dt-24s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AE185FD-0D4D-4862-B513-BC68BF3F9F7E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dt-48s:-:*:*:*:*:*:*:*", "matchCriteriaId": "46C2150F-2FD6-452F-8C56-7413E3EB8FDC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dt-48y:-:*:*:*:*:*:*:*", "matchCriteriaId": "44A568A1-BA88-458E-B69A-0A2A6C594728", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*", "matchCriteriaId": "58757129-BF9C-4BD8-B692-BB57023F8A48", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*", "matchCriteriaId": "2756BB4B-1053-4EAC-AC0B-785FD5039D5F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*", "matchCriteriaId": "40D36540-7723-4284-A207-6BD27728CA25", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF95CB28-E010-4A1D-A746-F9DDF015868F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:722xpm-48y4:-:*:*:*:*:*:*:*", "matchCriteriaId": "15876058-5E5D-4C87-83A3-592ADCA0AA6E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:722xpm-48zy8:-:*:*:*:*:*:*:*", "matchCriteriaId": "426308A9-D534-4465-865C-39BC70548B00", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DD95B3B-D655-42DC-85C2-2C6FDBCC77F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "E40D14DE-BAFB-461F-9AA7-E3EDC2D8D468", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*", "matchCriteriaId": "901E5B76-0EB7-4EAD-A281-15B9F78041AB", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7260cx3-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "49BAE58E-F4B5-4C8F-9EEB-5A0F38A96F0C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE1DE992-9BFA-4794-82F4-66F464BB384E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260qx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "83A3811A-EB0E-464B-86E7-0E369935A507", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2ak-30:-:*:*:*:*:*:*:*", "matchCriteriaId": "99506386-8D68-46F4-AEA9-4C16C16545B9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F569286-C19F-48CB-AB24-89C4A1EB6F81", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16CB1780-6DEC-4140-A771-9139C77A8A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "11DE9CB6-4453-4EED-B7FC-6374F9225B83", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5", "vulnerable": false }, { 
"criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057906A-B27B-4B53-97F6-3F5F35794990", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r:-:*:*:*:*:*:*:*", "matchCriteriaId": "C02B50F5-B316-4081-BC9E-6F1778049096", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21CB1AAF-FC82-4A80-9932-42E8EFA3906A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDF8A65D-6FBC-4C38-8B45-418E6C5EB16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F088D51-24F4-49AD-8397-73D1EAF45F56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*", "matchCriteriaId": "69BA5C6D-40C0-4AA3-AC10-D7F097D8EDD9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0040BDDF-D711-4619-9E96-96EFBD33CAA0", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4AA716D-CAD1-4689-8A26-977A2E5F869E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7304:-:*:*:*:*:*:*:*", "matchCriteriaId": "E61BC28B-B998-4F6A-AD70-4FF7F2E3C826", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7308:-:*:*:*:*:*:*:*", "matchCriteriaId": "377CFAA4-5A1A-4D42-87EF-DC57EE02388B", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7316:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D65E57B-F0BA-44C5-9D2A-447961AB8220", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AD08CBF-6F42-4F98-B413-F65C5613BE6B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*", "matchCriteriaId": "161DB0D9-9BAC-4546-88D3-5547F4B6149C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66E706E-56FB-4A49-BD90-76A8CB6BE391", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C61DCC-D1CF-4CE5-9634-4BE3E071E83E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC651584-113E-4859-9F14-12D62F3BD626", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*", "matchCriteriaId": "583725F6-8583-425C-A847-700DBB9169E7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1C6A4B3C-FF12-4DCD-9945-8450AD0BDEED", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-750x-48thp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2368ADC-9CC5-488C-99D9-CB46AAFB5BA2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-750x-48tp:-:*:*:*:*:*:*:*", "matchCriteriaId": "49CE500B-C593-45EC-9C8D-7016D83684AE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-750x-48zp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB062249-2B0D-4F07-9854-6C20DF5D8BB4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:ccs-750x-48zxp:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D2A1160-2E90-4B36-AEB0-74B7FB71D204", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system." 
} ], "id": "CVE-2023-24511", "lastModified": "2024-11-21T07:48:01.287", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-12T21:15:16.707", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-25 21:15
Modified
2024-11-21 07:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
References
▼ | URL | Tags | |
---|---|---|---|
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 | Exploit, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 | Exploit, Mitigation, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "341CA00E-8BDE-4BF9-90D4-7B07FC484D18", "versionEndExcluding": "4.26.10m", "versionStartIncluding": "4.26.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "00A7CEC1-C298-4AEE-A079-550167C2AA3A", "versionEndExcluding": "4.27.9m", "versionStartIncluding": "4.27.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "32D876FE-C639-4870-A412-0239EA0155D0", "versionEndExcluding": "4.28.6m", "versionStartIncluding": "4.28.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50", "versionEndExcluding": "4.29.2f", "versionStartIncluding": "4.29.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:32qd:-:*:*:*:*:*:*:*", "matchCriteriaId": "4184EB8C-5972-413F-A6CD-B1365D242B41", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:48ehs:-:*:*:*:*:*:*:*", "matchCriteriaId": "FED3033F-6AFD-462B-BED4-032D84D41068", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:48lbas:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EDFE460-5163-4A86-BFDE-7F0FA8EC96D1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:48lbs:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C680AE5-0810-4A0C-9234-405F2A879F87", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:48s6qd:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A296BD-4449-447C-AF27-F6C033C686D6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7010t-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CCF6152-815E-4B3C-AE4B-CA598BEBD020", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7781CB15-3452-47D9-A961-8B09F2E9AEC1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"09A31FB8-512E-43EF-8F87-E02E35F5251E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBFF922-28D7-42D6-8796-91AD9A178D28", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "561B4042-DFD3-4BC0-9C5F-74799A7E92C5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "828C6E4F-814A-4060-8F5E-7FF359C8739C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "253D74DE-97F5-40F3-B179-D2D4442C57FD", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "75E03F9E-522F-4D9B-9267-09E2550B5465", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "895A7AFD-BE76-47F5-B67B-6279046E4274", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "74E258EC-EA50-4185-AA35-5D963C359E74", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "1482D4FC-60B9-4C89-B892-71AA3E1031F3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "C99D84E9-2229-459E-AE90-49C2EF670884", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "D922C725-1139-4DD4-92FC-9FF15E35CE62", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", "matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "78E7CDCC-ADC6-4854-BFC4-72DA47C5F10B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B03678D-AD7B-4B1A-8E6A-1811DD8B1483", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*", "matchCriteriaId": "E803639C-13A1-48CA-A589-C83654AE454F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*", "matchCriteriaId": "A495D282-D3DC-4D18-AB72-2358834C238E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D518C8D5-A86B-46E5-A646-8939BFA2E116", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1608297-7079-4F3B-857E-708B74E944D9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*", "matchCriteriaId": "806A01C5-231D-4F9D-A292-E9DD706A0C66", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC10746F-8FC0-49EF-BB9C-EC49B734DFA3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "26582E98-B710-46D7-B8F2-9286E0592FA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFFA321D-F4A5-434C-BB39-D2B2687001D6", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3264E086-4E90-41D0-8583-8FCF3CE4885D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150s-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "93D74C0B-E470-4D45-98E2-775DE43997DF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150s-52:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B2CAA23-003C-43E6-87CE-61E4369C2D30", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150s-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7445075-D130-472C-B259-6BACE678541D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150sc-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF3FA52A-3A67-4515-9790-598860102893", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7150sc-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "6336F166-FAD3-4846-84B9-45F5FAA3D437", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-32cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "7620401C-FB14-46F1-979B-B21194F90945", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-48tc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DFC236-44B3-4EEF-8937-4F86EE99EB45", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7160-48yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "823E5569-C918-40E6-A2C5-7C415E4ADEF5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8EFEEA5-0FC4-4FFC-BF5D-BDBAA1B55C70", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2959C68-8731-4F37-B9E7-61E5936D3D8E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6FB3395-8D13-4477-A46E-37A88272CFAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7170b-64c:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EE3572E-A724-4057-8776-7A95528DCEE7", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:720df-48y:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8FCDB83-38D5-4F02-97E2-BBEF891DCDD7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dp-24s:-:*:*:*:*:*:*:*", "matchCriteriaId": "80EAF795-EB62-4A86-A0FC-A09008E631A6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dp-48s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA03BA0B-BB2D-41CF-BA2E-B21604D6FBC1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dt-24s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AE185FD-0D4D-4862-B513-BC68BF3F9F7E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720dt-48s:-:*:*:*:*:*:*:*", "matchCriteriaId": "46C2150F-2FD6-452F-8C56-7413E3EB8FDC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*", "matchCriteriaId": "58757129-BF9C-4BD8-B692-BB57023F8A48", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*", "matchCriteriaId": "2756BB4B-1053-4EAC-AC0B-785FD5039D5F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*", "matchCriteriaId": "40D36540-7723-4284-A207-6BD27728CA25", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF95CB28-E010-4A1D-A746-F9DDF015868F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DD95B3B-D655-42DC-85C2-2C6FDBCC77F1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*", "matchCriteriaId": "E40D14DE-BAFB-461F-9AA7-E3EDC2D8D468", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*", "matchCriteriaId": "901E5B76-0EB7-4EAD-A281-15B9F78041AB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE1DE992-9BFA-4794-82F4-66F464BB384E", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7260sx2:-:*:*:*:*:*:*:*", "matchCriteriaId": "58296832-AA93-4EAE-96BD-28EC368F8391", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F569286-C19F-48CB-AB24-89C4A1EB6F81", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "16CB1780-6DEC-4140-A771-9139C77A8A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "11DE9CB6-4453-4EED-B7FC-6374F9225B83", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "4057906A-B27B-4B53-97F6-3F5F35794990", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { 
"criteria": "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDF8A65D-6FBC-4C38-8B45-418E6C5EB16C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8F088D51-24F4-49AD-8397-73D1EAF45F56", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*", "matchCriteriaId": "69BA5C6D-40C0-4AA3-AC10-D7F097D8EDD9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "0040BDDF-D711-4619-9E96-96EFBD33CAA0", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4AA716D-CAD1-4689-8A26-977A2E5F869E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AD08CBF-6F42-4F98-B413-F65C5613BE6B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7358x4:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBC38094-A539-425D-A2B6-770FAF0FC3C4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*", "matchCriteriaId": "161DB0D9-9BAC-4546-88D3-5547F4B6149C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*", "matchCriteriaId": "B66E706E-56FB-4A49-BD90-76A8CB6BE391", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { 
"criteria": "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A54F3D32-5A07-4791-90BF-96BD8A24C2F6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:96lbs:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBAE5B17-52F9-4FDD-BD65-AA0C1ADB4806", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7010tx-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CB43CD4-C96F-483C-B743-3D81C9A65EDF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500-12cq-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCCC3EC2-D68C-49E5-8E72-35F16853CA04", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "30D363C8-7D75-4EA7-B5BC-566C1C9ECE96", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500e-36q-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E0CD14C-E2C8-4EEC-AAD9-E2428E8610DC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500e-48s-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "ACD40F1C-32AA-42DF-9378-724CD949127B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DB63C0B-D27A-4CB4-B379-570C0DC8B958", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500e-72s-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "2468E734-5CA3-4293-A806-358FE659AEA6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "52C4EAF7-6FD7-477A-B4BE-DE5920BF7BBA", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500r-36q-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"ABA8BEE5-9EDC-4BAC-AB7C-4F9E6680388B", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB68705B-A8A5-49AB-AC53-02B311900F7D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:arista:ceos-lab:*:*:*:*:*:*:*:*", "matchCriteriaId": "2260519E-FB90-4924-95E7-1FCC34C4B38B", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:cloudeos:-:*:*:*:*:*:*:*", "matchCriteriaId": "362F2E0F-3D40-444F-87F3-21CA70B1AD04", "vulnerable": true }, { "criteria": "cpe:2.3:a:arista:veos-lab:-:*:*:*:*:*:*:*", "matchCriteriaId": "04B29E15-3CFB-45EC-B252-8F02CC1E589C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. 
Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision" } ], "id": "CVE-2023-24512", "lastModified": "2024-11-21T07:48:01.437", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-25T21:15:10.190", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2023-24512
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Arista Networks | Terminattr | Version: 1.23.0; Version: unspecified <= 1.19.5; Version: 1.24.0 <= 1.24.3; Version: 1.22.0 <= 1.22.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Terminattr", "vendor": "Arista Networks", "versions": [ { "status": "affected", "version": "1.23.0" }, { "lessThanOrEqual": "1.19.5", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThanOrEqual": "1.24.3", "status": "affected", "version": "1.24.0", "versionType": "custom" }, { "lessThanOrEqual": "1.22.1", "status": "affected", "version": "1.22.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "In order to be vulnerable to CVE-2023-24512 the following conditions must be all be met:\n\nA vulnerable version of the Streaming Telemetry Agent must be installed on the switch. The version can be verified with the following commands:\n#show version detail | grep TerminAttr-core\nTerminAttr-core v1.13.3 1\n\nIn the above example, TerminAttr 1.13.3 is installed.\n\nThe agent must be running on the switch. This can be verified as follows on the switch:\nswitch# show daemon TerminAttr\nProcess: TerminAttr (running with PID 2430)\n\n\nThe Streaming Telemetry Agent must be configured to allow external connections using gRPC. This can be verified by the presence of the -grpcaddr option:\nswitch# daemon TerminAttr\n show active\ndaemon TerminAttr\n exec /usr/bin/TerminAttr -grpcaddr=... \u003cother options...\u003e" } ], "datePublic": "2023-04-25T00:00:00", "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. 
This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086" } ], "solutions": [ { "lang": "en", "value": "While the steps listed above resolve the issue, the recommended long term solution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nThere are two possible solutions:\n\nUpgrade the Streaming Telemetry Agent \nCustomers can upgrade the Streaming Telemetry Agent to a fixed version, following the directions in https://arista.my.site.com/AristaCommunity/s/article/terminattr-upgrade-downgrade. 
Fixes are available in the following supported release trains:\nTerminAttr 1.25.0 and later Terminattr versions\nUsers of 1.24.X and 1.23.X TerminAttr releases should upgrade to TerminAttr 1.25.0 or later.\nTerminAttr 1.22.2 and later version in the TerminAttr 1.22.X train\nTerminAttr 1.19.6 and later versions in the TerminAttr 1.19.X train\n" }, { "lang": "en", "value": "Upgrade EOS\nCustomers can upgrade to a version of EOS which contains a fixed version of the Streaming Telemetry Agent within the EOS image, as documented in https://www.arista.com/en/um-eos/eos-upgradedowngrade-overview:\nEOS 4.29.2F and later releases, which contains TerminAttr 1.25.0 or a more recent version\nEOS 4.28.6M and later releases in the 4.28.X train, which contains TerminAttr 1.22.2 or a more recent version\nEOS 4.27.9M and later releases in the 4.27.X train, which contains TerminAttr 1.19.6 or a more recent version\nEOS 4.26.10M and later releases in the 4.26.X train, which contains TerminAttr 1.19.6 or a more recent version\n" } ], "source": { "advisory": "86", "defect": [ "751697" ], "discovery": "INTERNAL" }, "title": "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. ", "workarounds": [ { "lang": "en", "value": "The streaming telemetry agent can be configured in gRPC read-only mode by specifying -grpcreadonly as part of its configuration. For instance as follows:\n\nswitch# daemon TerminAttr\n exec /usr/bin/TerminAttr -grpcreadonly -grpcaddr=... \u003cother options...\u003e\n no shutdown\n\n\nIf TerminAttr is running, it must be restarted for the configuration to take effect. 
This can be done as follows:\n\nswitch# daemon TerminAttr\n shutdown\n wait-for-warmup\n no shutdown" } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-24512", "datePublished": "2023-04-25T00:00:00", "dateReserved": "2023-01-24T00:00:00", "dateUpdated": "2024-08-02T10:56:04.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28509
Vulnerability from cvelistv5
Published
2022-05-26 19:50
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Arista Networks | Arista EOS | Version: 4.23 <= 4.23.11; Version: 4.24 <= 4.24.9; Version: 4.25 <= 4.25.7; Version: 4.26 <= 4.26.5; Version: 4.27 <= 4.27.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:47:32.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Arista EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "4.23.11", "status": "affected", "version": "4.23", "versionType": "custom" }, { "lessThanOrEqual": "4.24.9", "status": "affected", "version": "4.24", "versionType": "custom" }, { "lessThanOrEqual": "4.25.7", "status": "affected", "version": "4.25", "versionType": "custom" }, { "lessThanOrEqual": "4.26.5", "status": "affected", "version": "4.26", "versionType": "custom" }, { "lessThanOrEqual": "4.27.3", "status": "affected", "version": "4.27", "versionType": "custom" } ] }, { "product": "Arista TerminAttr", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "v1.10.10", "status": "affected", "version": "v1.10", "versionType": "custom" }, { "lessThanOrEqual": "v1.16.7", "status": "affected", "version": "v1.16", "versionType": "custom" }, { "lessThanOrEqual": "v1.19.1", "status": "affected", "version": "v1.19", "versionType": "custom" } ] } ], "datePublic": "2022-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-255", "description": "CWE-255 Credentials Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:50:36", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "solutions": [ { "lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following versions:\n\nEOS versions:\n 4.24.10 and later release in the 4.24.x train\n 4.25.8 and later releases in the 4.25.x train\n 4.26.6 and later releases in the 4.26.x train\n 4.27.4 and later releases in the 4.27.x train\nTerminAttr versions:\n TerminAttr v1.10.11 and later releases in the v1.10.x train\n TerminAttr v1.16.8 and later releases in the v1.16.x train\n TerminAttr v1.19.2 and later releases" } ], "source": { "advisory": "Security Advisory 0077", "defect": [ "CVE-2021-28509" ], "discovery": "INTERNAL" }, "title": "TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP", "workarounds": [ { "lang": "en", "value": "On the affected versions, the vulnerabilities can be mitigated by disabling TerminAttr agent." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@arista.com", "DATE_PUBLIC": "2022-05-25T16:10:00.000Z", "ID": "CVE-2021-28509", "STATE": "PUBLIC", "TITLE": "TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Arista EOS", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "4.23", "version_value": "4.23.11" }, { "version_affected": "\u003c=", "version_name": "4.24", "version_value": "4.24.9" }, { "version_affected": "\u003c=", "version_name": "4.25", "version_value": "4.25.7" }, { "version_affected": "\u003c=", "version_name": "4.26", "version_value": "4.26.5" }, { "version_affected": "\u003c=", "version_name": "4.27", "version_value": "4.27.3" } ] } }, { "product_name": "Arista TerminAttr", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "v1.10", "version_value": "v1.10.10" }, { "version_affected": "\u003c=", "version_name": "v1.16", "version_value": "v1.16.7" }, { "version_affected": "\u003c=", "version_name": "v1.19", "version_value": "v1.19.1" } ] } } ] }, "vendor_name": "Arista Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-255 Credentials Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ] }, "solution": [ { "lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following versions:\n\nEOS versions:\n 4.24.10 and later release in the 4.24.x train\n 4.25.8 and later releases in the 4.25.x train\n 4.26.6 and later releases in the 4.26.x train\n 4.27.4 and later releases in the 4.27.x train\nTerminAttr versions:\n TerminAttr v1.10.11 and later releases in the v1.10.x train\n TerminAttr v1.16.8 and later releases in the v1.16.x train\n TerminAttr v1.19.2 and later releases" } ], "source": { "advisory": "Security Advisory 0077", "defect": [ "CVE-2021-28509" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "On the affected versions, the vulnerabilities can be mitigated by disabling TerminAttr agent." 
} ] } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2021-28509", "datePublished": "2022-05-26T19:50:36.432905Z", "dateReserved": "2021-03-16T00:00:00", "dateUpdated": "2024-09-16T20:32:30.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24511
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2024-08-02 10:56
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Arista Networks | EOS | Version: 4.28.0 4.28.5.1M; Version: 4.27.0 4.27.8.1M; Version: 4.26.0 4.26.9M; Version: 4.25.0 4.25.10M; Version: 4.24.0 4.24.11M; Version: 4.29.0 <= 4.29.1F |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:56:04.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "EOS", "vendor": "Arista Networks", "versions": [ { "status": "affected", "version": "4.28.0 4.28.5.1M" }, { "status": "affected", "version": "4.27.0 4.27.8.1M" }, { "status": "affected", "version": "4.26.0 4.26.9M" }, { "status": "affected", "version": "4.25.0 4.25.10M" }, { "status": "affected", "version": "4.24.0 4.24.11M" }, { "lessThanOrEqual": "4.29.1F", "status": "affected", "version": "4.29.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "value": "In order to be vulnerable to CVE-2023-24511, the following condition must be met:\n\nSNMP must be configured:\n" } ], "datePublic": "2023-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Improper Release of Memory Before Removing Last Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-12T00:00:00", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084" } ], "solutions": [ { "lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades\n\nCVE-2023-24511 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n" }, { "lang": "en", "value": "The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. 
All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.29.1F and below releases in the 4.29.x train\n4.28.5.1M and below releases in the 4.28.x train\n4.27.8.1M and below releases in the 4.27.x train\n4.26.9M and below releases in the 4.26.x train\n\nNote: Installing/uninstalling the SWIX will cause the snmpd process to restart\nVersion: 1.0\nURL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\nSWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\n(SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5" } ], "source": { "advisory": "84", "defect": [ "751040" ], "discovery": "EXTERNAL" }, "title": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.", "workarounds": [ { "lang": "en", "value": "If you suspect you are encountering this issue due to malicious activity, the workaround is to enable SNMP service ACLs to only allow specific IP addresses to query SNMP (combined with anti-spoofing ACLs in the rest of the network).\n\nsnmp-server ipv4 access-list allowHosts4\nsnmp-server ipv6 access-list allowHosts6\n!\nipv6 access-list allowHosts6\n 10 permit ipv6 host \u003cipv6 address\u003e any\n!\nip access-list allowHosts4\n 10 permit ip host \u003cipv4 address\u003e any\n\n" } ], "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-24511", "datePublished": "2023-04-12T00:00:00", "dateReserved": "2023-01-24T00:00:00", "dateUpdated": "2024-08-02T10:56:04.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-24360
Vulnerability from cvelistv5
Published
2020-12-28 18:08
Modified
2024-08-04 15:12
Summary
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
References
▼ | URL | Tags |
---|---|---|
https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:12:08.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue with ARP packets in Arista\u2019s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-28T18:08:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue with ARP packets in Arista\u2019s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. 
The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59", "refsource": "CONFIRM", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24360", "datePublished": "2020-12-28T18:08:57", "dateReserved": "2020-08-15T00:00:00", "dateUpdated": "2024-08-04T15:12:08.717Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24548
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Severity
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Arista Networks | EOS |
Version: 4.25.0F (that release only); Version: 4.24.0 ≤ 4.24.11M; Version: 4.23.0 ≤ 4.23.14M; Version: 4.22.1F ≤ 4.22.13M |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-24548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T17:34:44.954023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T17:46:19.199Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "=4.25.0F", "status": "affected", "version": "4.25.0F", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.24.11M", "status": "affected", "version": "4.24.0", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.23.14M", "status": "affected", "version": "4.23.0", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.22.13M", "status": "affected", "version": "4.22.1F", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIP routing should be enabled:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eSwitch\u0026gt; show running-config section ip routing\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN should be configured - a sample configuration is found below:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Loopback interface configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section loopback\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 10.0.0.1/32\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# VXLAN VTEP configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vxlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan source-interface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan udp-port 4789\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan flood vtep 10.0.0.2\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Overlay interface\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Ethernet1/1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;switchport access vlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vlan100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 1.0.0.1/24\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; vxlan vlan 100 vni 
100000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evrf instance red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing vrf red\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan vrf red vni 200000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eWhether such a configuration exists can be checked as follows:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vxlan vni\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; \u0026nbsp; Interface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 802.1Q Tag\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- ------------ ----------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan 
style=\"background-color: rgb(255, 255, 0);\"\u003e100000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static \u0026nbsp; \u0026nbsp; \u0026nbsp; Ethernet1/1 \u0026nbsp; \u0026nbsp; \u0026nbsp; untagged\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Vxlan1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 100\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to dynamic VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; Source\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- --------- ------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e200000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; red \u0026nbsp; \u0026nbsp; \u0026nbsp; evpn\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eswitch\u0026gt; show vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVLAN Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Ports\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----- -------------------------------- --------- -------------------------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; VLAN0100 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e* VLAN1006 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show ip interface brief\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 
\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Address\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----------------- --------------------- ------------ -------------- ----------- -------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.0.0.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; unassigned \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 
10168\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch\u003e show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch\u003e show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch\u003e show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch\u003e show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch\u003e show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch\u003e show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- 
----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch\u003e show vlan\n\nVLAN Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n\n\nswitch\u003e show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 
\u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n" } ], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn\u003c/span\u003e \u003cspan style=\"background-color: transparent;\"\u003eaffected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n" } ], "impacts": [ { "capecId": "CAPEC-583", "descriptions": [ { "lang": "en", "value": "CAPEC-583 Disabling Network Hardware" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-29T16:13:10.451Z", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. 
For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2023-24548 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.0F and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.29.0F and later releases in the 4.29.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.28.0F and later releases in the 4.28.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.27.0F and later releases in the 4.27.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.26.0F and later releases in the 4.26.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.25.1F and later releases in the 4.25.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: transparent;\"\u003eNo remediation is planned for EOS software versions that are beyond their \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"\u003e\u003cspan style=\"background-color: transparent;\"\u003estandard EOS support lifecycle\u003c/span\u003e\u003c/a\u003e\u003cspan 
style=\"background-color: transparent;\"\u003e (i.e. 4.22, 4.23).\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n * 4.30.0F and later releases in the 4.30.x train\n\n\n * 4.29.0F and later releases in the 4.29.x train\n\n\n * 4.28.0F and later releases in the 4.28.x train\n\n\n * 4.27.0F and later releases in the 4.27.x train\n\n\n * 4.26.0F and later releases in the 4.26.x train\n\n\n * 4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).\n" } ], "source": { "advisory": "Security Advisory 89", "defect": [ "828687" ], "discovery": "INTERNAL" }, "title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "There is no known mitigation for the issue. 
The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-24548", "datePublished": "2023-08-29T16:13:10.451Z", "dateReserved": "2023-01-26T11:37:43.827Z", "dateUpdated": "2024-09-30T17:46:19.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3646
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Arista Networks | EOS |
Version: 4.28.2F ≤ 4.28.5.1M; Version: 4.29.0 ≤ 4.29.1F |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:57.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3646", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T17:34:25.757684Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T17:44:07.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "4.28.5.1M ", "status": "affected", "version": "4.28.2F", "versionType": "custom" }, { "lessThanOrEqual": "4.29.1F", "status": "affected", "version": "4.29.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring to multiple destinations must be configured:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch(config)#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSession s1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------------------\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eSources:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBoth Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; Et1/1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDestination Ports:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et9/1 : active\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et10/1 : active\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example two destinations, Et9/1 and Et10/1, are configured.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring config must be added with mirror destination being ethernet port, example:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch # show running-config | section monitor\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003emonitor session APCON destination Ethernet54/1\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example the argument after destination is an Ethernet port.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: \u00a0 \u00a0 
\u00a0 Et1/1\n\n\nDestination Ports:\n\n\n\u00a0 \u00a0 Et9/1 : active\n\n\u00a0 \u00a0 Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n" } ], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\u003c/span\u003e\u003cbr\u003e" } ], "value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n" } ], "impacts": [ { "capecId": "CAPEC-603", "descriptions": [ { "lang": "en", "value": "CAPEC-603 Blockage" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-29T16:31:57.668Z", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": 
"https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-3646 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.6M and later releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.2F and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e" } ], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n" }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. 
All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.2F through 4.28.5.1M releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.1F and earlier releases in the 4.29.X train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\u003c/p\u003e\u003cp\u003eTo determine which hotfix to use, run \u201c\u003cb\u003eshow version\u003c/b\u003e\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\u003c/p\u003e\u003cdiv\u003eVersion: 1.0\u003cbr\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e\u003cbr\u003e" } ], "value": "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run \u201cshow version\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n\u00a0\n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n\u00a0\n\nFor instructions on installation and verification of the hotfix patch, refer to the \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. 
Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\n\n\n" } ], "source": { "advisory": "88", "defect": [ "BUG829136", "BUG765111" ], "discovery": "INTERNAL" }, "title": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe suggestion to prevent this issue is to remove any mirroring config\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eNo sessions created\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-3646", "datePublished": "2023-08-29T16:31:57.668Z", "dateReserved": "2023-07-12T17:53:27.986Z", "dateUpdated": "2024-09-30T17:44:07.777Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28508
Vulnerability from cvelistv5
Published
2022-05-26 19:48
Modified
2024-09-16 19:47
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS score ?
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Arista Networks | Arista EOS |
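Version: 4.23 through 4.23.11 Version: 4.24 through 4.24.9 Version: 4.25 through 4.25.7 Version: 4.26 through 4.26.5 Version: 4.27 through 4.27.3 (the record's solution text names 4.27.2 as the first fixed 4.27.x release and names no fixed 4.23.x release; check Security Advisory 0077 before relying on these bounds) |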
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:47:32.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Arista EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "4.23.11", "status": "affected", "version": "4.23", "versionType": "custom" }, { "lessThanOrEqual": "4.24.9", "status": "affected", "version": "4.24", "versionType": "custom" }, { "lessThanOrEqual": "4.25.7", "status": "affected", "version": "4.25", "versionType": "custom" }, { "lessThanOrEqual": "4.26.5", "status": "affected", "version": "4.26", "versionType": "custom" }, { "lessThanOrEqual": "4.27.3", "status": "affected", "version": "4.27", "versionType": "custom" } ] }, { "product": "Arista TerminAttr", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "v1.10.10", "status": "affected", "version": "v1.10", "versionType": "custom" }, { "lessThanOrEqual": "v1.16.7", "status": "affected", "version": "v1.16", "versionType": "custom" }, { "lessThanOrEqual": "v1.18.1", "status": "affected", "version": "v1.18", "versionType": "custom" } ] } ], "datePublic": "2022-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-255", "description": "CWE-255 Credentials Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-26T19:48:13", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ], "solutions": [ { "lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following versions:\n\nEOS versions:\n 4.24.10 and later release in the 4.24.x train\n 4.25.8 and later releases in the 4.25.x train\n 4.26.6 and later releases in the 4.26.x train\n 4.27.2 and later releases in the 4.27.x train\nTerminAttr versions:\n TerminAttr v1.10.11 and later releases in the v1.10.x train\n TerminAttr v1.16.8 and later releases in the v1.16.x train\n TerminAttr v1.19.0 and later releases" } ], "source": { "advisory": "Security Advisory 0077", "defect": [ "CVE-2021-28508" ], "discovery": "INTERNAL" }, "title": "TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP", "workarounds": [ { "lang": "en", "value": "On the affected versions, the vulnerabilities can be mitigated by disabling TerminAttr agent." 
} ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@arista.com", "DATE_PUBLIC": "2022-05-25T16:10:00.000Z", "ID": "CVE-2021-28508", "STATE": "PUBLIC", "TITLE": "TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Arista EOS", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "4.23", "version_value": "4.23.11" }, { "version_affected": "\u003c=", "version_name": "4.24", "version_value": "4.24.9" }, { "version_affected": "\u003c=", "version_name": "4.25", "version_value": "4.25.7" }, { "version_affected": "\u003c=", "version_name": "4.26", "version_value": "4.26.5" }, { "version_affected": "\u003c=", "version_name": "4.27", "version_value": "4.27.3" } ] } }, { "product_name": "Arista TerminAttr", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "v1.10", "version_value": "v1.10.10" }, { "version_affected": "\u003c=", "version_name": "v1.16", "version_value": "v1.16.7" }, { "version_affected": "\u003c=", "version_name": "v1.18", "version_value": "v1.18.1" } ] } } ] }, "vendor_name": "Arista Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-255 Credentials Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077" } ] }, "solution": [ { "lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe vulnerability is fixed in the following versions:\n\nEOS versions:\n 4.24.10 and later release in the 4.24.x train\n 4.25.8 and later releases in the 4.25.x train\n 4.26.6 and later releases in the 4.26.x train\n 4.27.2 and later releases in the 4.27.x train\nTerminAttr versions:\n TerminAttr v1.10.11 and later releases in the v1.10.x train\n TerminAttr v1.16.8 and later releases in the v1.16.x train\n TerminAttr v1.19.0 and later releases" } ], "source": { "advisory": "Security Advisory 0077", "defect": [ "CVE-2021-28508" ], "discovery": "INTERNAL" }, "work_around": [ { "lang": "en", "value": "On the affected versions, the vulnerabilities can be mitigated by disabling TerminAttr agent." 
} ] } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2021-28508", "datePublished": "2022-05-26T19:48:13.716111Z", "dateReserved": "2021-03-16T00:00:00", "dateUpdated": "2024-09-16T19:47:13.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }