All the vulnerabilities related to arista - 7800r3k-72y7512r3
cve-2023-24548
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Severity: 5.3 (Medium) — CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | EOS | 4.25.0F; 4.24.0 through 4.24.11M; 4.23.0 through 4.23.14M; 4.22.1F through 4.22.13M
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-24548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T17:34:44.954023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T17:46:19.199Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "=4.25.0F", "status": "affected", "version": "4.25.0F", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.24.11M", "status": "affected", "version": "4.24.0", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.23.14M", "status": "affected", "version": "4.23.0", "versionType": "custom" }, { "lessThanOrEqual": "\u003c=4.22.13M", "status": "affected", "version": "4.22.1F", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIP routing should be enabled:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eSwitch\u0026gt; show running-config section ip routing\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN should be configured - a sample configuration is found below:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Loopback interface configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section loopback\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 10.0.0.1/32\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# VXLAN VTEP configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vxlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan source-interface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan udp-port 4789\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan flood vtep 10.0.0.2\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Overlay interface\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Ethernet1/1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;switchport access vlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vlan100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 1.0.0.1/24\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; vxlan vlan 100 vni 
100000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evrf instance red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing vrf red\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan vrf red vni 200000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eWhether such a configuration exists can be checked as follows:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vxlan vni\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; \u0026nbsp; Interface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 802.1Q Tag\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- ------------ ----------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan 
style=\"background-color: rgb(255, 255, 0);\"\u003e100000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static \u0026nbsp; \u0026nbsp; \u0026nbsp; Ethernet1/1 \u0026nbsp; \u0026nbsp; \u0026nbsp; untagged\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Vxlan1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 100\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to dynamic VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; Source\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- --------- ------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e200000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; red \u0026nbsp; \u0026nbsp; \u0026nbsp; evpn\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eswitch\u0026gt; show vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVLAN Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Ports\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----- -------------------------------- --------- -------------------------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; VLAN0100 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e* VLAN1006 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show ip interface brief\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 
\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Address\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----------------- --------------------- ------------ -------------- ----------- -------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.0.0.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; unassigned \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 
10168\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch\u003e show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch\u003e show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch\u003e show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch\u003e show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch\u003e show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch\u003e show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- 
----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch\u003e show vlan\n\nVLAN Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n\n\nswitch\u003e show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 
\u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n" } ], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn\u003c/span\u003e \u003cspan style=\"background-color: transparent;\"\u003eaffected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n" } ], "impacts": [ { "capecId": "CAPEC-583", "descriptions": [ { "lang": "en", "value": "CAPEC-583 Disabling Network Hardware" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-29T16:13:10.451Z", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. 
For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2023-24548 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.0F and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.29.0F and later releases in the 4.29.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.28.0F and later releases in the 4.28.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.27.0F and later releases in the 4.27.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.26.0F and later releases in the 4.26.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.25.1F and later releases in the 4.25.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: transparent;\"\u003eNo remediation is planned for EOS software versions that are beyond their \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"\u003e\u003cspan style=\"background-color: transparent;\"\u003estandard EOS support lifecycle\u003c/span\u003e\u003c/a\u003e\u003cspan 
style=\"background-color: transparent;\"\u003e (i.e. 4.22, 4.23).\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n * 4.30.0F and later releases in the 4.30.x train\n\n\n * 4.29.0F and later releases in the 4.29.x train\n\n\n * 4.28.0F and later releases in the 4.28.x train\n\n\n * 4.27.0F and later releases in the 4.27.x train\n\n\n * 4.26.0F and later releases in the 4.26.x train\n\n\n * 4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).\n" } ], "source": { "advisory": "Security Advisory 89", "defect": [ "828687" ], "discovery": "INTERNAL" }, "title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e" } ], "value": "There is no known mitigation for the issue. 
The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-24548", "datePublished": "2023-08-29T16:13:10.451Z", "dateReserved": "2023-01-26T11:37:43.827Z", "dateUpdated": "2024-09-30T17:46:19.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3646
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Severity: 5.9 (Medium) — CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | EOS | 4.28.2F through 4.28.5.1M; 4.29.0 through 4.29.1F
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:01:57.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3646", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T17:34:25.757684Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T17:44:07.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [ { "lessThanOrEqual": "4.28.5.1M ", "status": "affected", "version": "4.28.2F", "versionType": "custom" }, { "lessThanOrEqual": "4.29.1F", "status": "affected", "version": "4.29.0", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring to multiple destinations must be configured:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch(config)#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSession s1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------------------\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: 
transparent;\"\u003eSources:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBoth Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; Et1/1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDestination Ports:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et9/1 : active\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et10/1 : active\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example two destinations, Et9/1 and Et10/1, are configured.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring config must be added with mirror destination being ethernet port, example:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch # show running-config | section monitor\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003emonitor session APCON destination Ethernet54/1\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example the argument after destination is an Ethernet port.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: \u00a0 \u00a0 
\u00a0 Et1/1\n\n\nDestination Ports:\n\n\n\u00a0 \u00a0 Et9/1 : active\n\n\u00a0 \u00a0 Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n" } ], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\u003c/span\u003e\u003cbr\u003e" } ], "value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n" } ], "impacts": [ { "capecId": "CAPEC-603", "descriptions": [ { "lang": "en", "value": "CAPEC-603 Blockage" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-29T16:31:57.668Z", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista" }, "references": [ { "url": 
"https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-3646 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.6M and later releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.2F and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e" } ], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n" }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. 
All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.2F through 4.28.5.1M releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.1F and earlier releases in the 4.29.X train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\u003c/p\u003e\u003cp\u003eTo determine which hotfix to use, run \u201c\u003cb\u003eshow version\u003c/b\u003e\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\u003c/p\u003e\u003cdiv\u003eVersion: 1.0\u003cbr\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e\u003cbr\u003e" } ], "value": "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run \u201cshow version\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n\u00a0\n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n\u00a0\n\nFor instructions on installation and verification of the hotfix patch, refer to the \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. 
Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\n\n\n" } ], "source": { "advisory": "88", "defect": [ "BUG829136", "BUG765111" ], "discovery": "INTERNAL" }, "title": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe suggestion to prevent this issue is to remove any mirroring config\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eNo sessions created\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2023-3646", "datePublished": "2023-08-29T16:31:57.668Z", "dateReserved": "2023-07-12T17:53:27.986Z", "dateUpdated": "2024-09-30T17:44:07.777Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 07:48
Severity
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | 4.25.0f | |
arista | 7280cr3-32d4 | - | |
arista | 7280cr3-32p4 | - | |
arista | 7280cr3-36s | - | |
arista | 7280cr3-96 | - | |
arista | 7280cr3a-24d12 | - | |
arista | 7280cr3a-48d6 | - | |
arista | 7280cr3a-72 | - | |
arista | 7280dr3-24 | - | |
arista | 7280dr3a-36 | - | |
arista | 7280dr3a-54 | - | |
arista | 7280dr3ak-36 | - | |
arista | 7280dr3ak-54 | - | |
arista | 7280dr3am-36 | - | |
arista | 7280dr3am-54 | - | |
arista | 7280pr3-24 | - | |
arista | 7280r3 | - | |
arista | 7280sr3-40yc6 | - | |
arista | 7280sr3-48yc8 | - | |
arista | 7280tr3-40c6 | - | |
arista | 7500r3-24d | - | |
arista | 7500r3-24p | - | |
arista | 7500r3-36cq | - | |
arista | 7500r3k-36cq | - | |
arista | 7500r3k-48y4d | - | |
arista | 7504r3 | - | |
arista | 7508r3 | - | |
arista | 7512r3 | - | |
arista | 7800r3-36d | - | |
arista | 7800r3-36p | - | |
arista | 7800r3-48cq | - | |
arista | 7800r3a-36d | - | |
arista | 7800r3a-36dm | - | |
arista | 7800r3a-36p | - | |
arista | 7800r3a-36pm | - | |
arista | 7800r3ak-36dm | - | |
arista | 7800r3ak-36pm | - | |
arista | 7800r3k-36dm | - | |
arista | 7800r3k-48cq | - | |
arista | 7800r3k-48cqms | - | |
arista | 7800r3k-72y7512r3 | - | |
arista | 7808r3 | - | |
arista | 7812r3 | - | |
arista | 7816r3 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9F1F226-FDB1-4452-B166-D08635DAEC5B", "versionEndIncluding": "4.22.13m", "versionStartIncluding": "4.22.1f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BE6AE1-4649-4E0B-A4CA-2632CD400940", "versionEndIncluding": "4.23.14m", "versionStartIncluding": "4.23.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2909559A-6FB4-400C-A1AE-BF2B883F4964", "versionEndIncluding": "4.24.11m", "versionStartIncluding": "4.24.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*", "matchCriteriaId": "37536357-7701-48BE-9751-9BADD8E4AAAF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", 
"vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n" } ], "id": "CVE-2023-24548", "lastModified": "2024-11-21T07:48:06.157", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-29T17:15:11.790", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 08:17
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Source | URL | Tags | |
---|---|---|---|
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24F7B09D-0669-4855-A981-E462090A10F0", "versionEndIncluding": "4.28.5.1m", "versionStartIncluding": "4.28.2f", "vulnerable": true }, { "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50", "versionEndExcluding": "4.29.2f", "versionStartIncluding": "4.29.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", "vulnerable": false }, { "criteria": 
"cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A375EB2-6D78-4D81-AB8D-4AC501DC0A4F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8CA46EA-F9AE-42FA-A0D9-EDB82060AB6D", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F9FD45E-2D76-43A0-AE2A-C6DC59C45984", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false 
}, { "criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29", "vulnerable": 
false }, { "criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false }, { "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n" } ], "id": "CVE-2023-3646", "lastModified": "2024-11-21T08:17:44.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": 
"psirt@arista.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-29T17:15:12.727", "references": [ { "source": "psirt@arista.com", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Vendor Advisory" ], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088" } ], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "psirt@arista.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }