Vulnerabilities related to arista - 7816r3
cve-2023-24509
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2024-08-02 10:56
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | Arista EOS | Version: 4.23.0 4.23.13M; Version: 4.28.0 <; Version: 4.27.0 <; Version: 4.286.0 <; Version: 4.25.0 <; Version: 4.24.0 <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:56:04.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Arista EOS", vendor: "Arista Networks", versions: [ { status: "affected", version: "4.23.0 4.23.13M", }, { lessThanOrEqual: "4.28.3M", status: "affected", version: "4.28.0", versionType: "custom", }, { lessThanOrEqual: "4.27.6M", status: "affected", version: "4.27.0", versionType: "custom", }, { lessThanOrEqual: "4.26.8M", status: "affected", version: "4.286.0", versionType: "custom", }, { lessThanOrEqual: "4.25.9M", status: "affected", version: "4.25.0", versionType: "custom", }, { lessThanOrEqual: "4.24.10M", status: "affected", version: "4.24.0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", value: "In order to be vulnerable to CVE-2023-24509, the following conditions must be met:\n\nTwo supervisor modules must both be inserted and active. To determine the status of the supervisor modules,\n\nswitch#show module \nModule Ports Card Type Model Serial No.\n------- ----- ------------------------ ---------------- -----------\n1 3 DCS-7500-SUP2 Supervisor DCS-7500-SUP2 SSJ17133450\n2 2 Standby supervisor DCS-7500-SUP2 SSJ17133441\n \nModule Status Uptime Power off reason\n------- ------- ------- ----------------\n1 Active 0:24:58 N/A\n2 Standby 0:24:58 N/A\nSupervisor redundancy protocol must be configured with RPR(Route Processor Redundancy) or SSO (Stateful Switchover) on the switch. 
To determine the state and the current redundancy protocol of both supervisors on the switch,\n\nswitch#show redundancy status\n my state = ACTIVE\npeer state = STANDBY WARM\n Unit = Primary\n Unit ID = 1\n \nRedundancy Protocol (Operational) = Route Processor Redundancy\nRedundancy Protocol (Configured) = Route Processor Redundancy\nCommunications = Up\nReady for switchover\n \n Last switchover time = 7:23:56 ago\nLast switchover reason = Supervisor has control of the active supervisor lock", }, ], credits: [ { lang: "en", value: "Arista would like to acknowledge and thank Marc-André Labonté, Senior Information Security Analyst at Desjardins for responsibly reporting CVE-2023-24509.", }, ], datePublic: "2023-02-14T00:00:00", descriptions: [ { lang: "en", value: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. 
Valid user credentials are required in order to exploit this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-13T00:00:00", orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", shortName: "Arista", }, references: [ { url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082", }, ], solutions: [ { lang: "en", value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24509 has been fixed in the following releases:\n\n4.28.4M and later releases in the 4.28.x train\n4.27.7M and later releases in the 4.27.x train\n4.26.9M and later releases in the 4.26.x train\n4.25.10M and later releases in the 4.25.x train\n4.24.11M and later releases in the 4.24.x train", }, { lang: "en", value: "The following hotfix can be applied to remediate CVE-2023-24509. The hotfix only applies to the releases listed below and no other releases. 
All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.28.3M and below releases in the 4.28.x train\n4.27.6M and below releases in the 4.27.x train\n4.26.8M and below releases in the 4.26.x train\n4.25.9M and below releases in the 4.25.x train\n4.24.10M\n4.23.13M\nNote: Installing/uninstalling the SWIX will cause ConfigAgent to restart and disconnect existing CLI sessions.\n\nVersion: 1.0\n\nURL: SecurityAdvisory82_CVE-2023-24509_Hotfix.swix\n\nSWIX hash:\n\n(SHA-512)7833ab99e11cfea1ec28c09aedffd062cfc865a20a843ee6184caff1081e748c8a02590644d0c7b0e377027379cbaadc8b1a70d1c37097bf98c1bedb429dca56", }, ], source: { advisory: "82", defect: [ "723401", ], discovery: "EXTERNAL", }, title: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...", workarounds: [ { lang: "en", value: "The workaround is to disable “ssh” CLI command in unprivileged mode on the SSH client devices by using command authorization. This can be done with Role-Based Access Control (RBAC).\n\nIf the “ssh” CLI command is currently used to connect to a remote host, the destination address can be added to an allowlist with RBAC.", }, ], x_ConverterErrors: { TITLE: { error: "TITLE too long. Truncating in v5 record.", message: "Truncated!", }, }, x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", assignerShortName: "Arista", cveId: "CVE-2023-24509", datePublished: "2023-04-13T00:00:00", dateReserved: "2023-01-24T00:00:00", dateUpdated: "2024-08-02T10:56:04.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24548
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | EOS | Version: 4.25.0F <; Version: 4.24.0 <; Version: 4.23.0 <; Version: 4.22.1F <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:03:18.834Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24548", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T17:34:44.954023Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T17:46:19.199Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "EOS", vendor: "Arista Networks", versions: [ { lessThanOrEqual: "=4.25.0F", status: "affected", version: "4.25.0F", versionType: "custom", }, { lessThanOrEqual: "<=4.24.11M", status: "affected", version: "4.24.0", versionType: "custom", }, { lessThanOrEqual: "<=4.23.14M", status: "affected", version: "4.23.0", versionType: "custom", }, { lessThanOrEqual: "<=4.22.13M", status: "affected", version: "4.22.1F", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><p><span style=\"background-color: transparent;\">In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:</span></p><br><p><span style=\"background-color: transparent;\">IP routing should be enabled:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">Switch> show running-config section ip routing</span></p><p><span style=\"background-color: transparent;\">ip routing</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: 
transparent;\">VXLAN should be configured - a sample configuration is found below:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Loopback interface configuration</span></p><p><span style=\"background-color: transparent;\">switch> show running-config section loopback</span></p><p><span style=\"background-color: transparent;\">interface Loopback0</span></p><p><span style=\"background-color: transparent;\"> ip address 10.0.0.1/32</span></p><br><p><span style=\"background-color: transparent;\"># VXLAN VTEP configuration</span></p><p><span style=\"background-color: transparent;\">switch> show running-config section vxlan</span></p><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\"> vxlan source-interface Loopback0</span></p><p><span style=\"background-color: transparent;\"> vxlan udp-port 4789</span></p><p><span style=\"background-color: transparent;\"> vxlan flood vtep 10.0.0.2</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN extended VLAN or VNI must be routable - two examples are shown below:</span><span style=\"background-color: transparent;\"> </span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Overlay interface</span></p><p><span style=\"background-color: transparent;\">switch> show running-config section vlan</span></p><p><span style=\"background-color: transparent;\">vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Ethernet1/1</span></p><p><span style=\"background-color: transparent;\"> switchport access vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Vlan100</span></p><p><span style=\"background-color: transparent;\"> ip address 1.0.0.1/24</span></p><br><p><span style=\"background-color: transparent;\">Interface 
Vxlan1</span></p><p><span style=\"background-color: transparent;\"> vxlan vlan 100 vni 100000</span></p></td></tr></tbody></table></div><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch> show running-config section red</span></p><p><span style=\"background-color: transparent;\">vrf instance red</span></p><p><span style=\"background-color: transparent;\">ip routing vrf red</span></p><br><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\"> vxlan vrf red vni 200000</span></p></td></tr></tbody></table></div><br><br><p><span style=\"background-color: transparent;\">Whether such a configuration exists can be checked as follows:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch> show vxlan vni</span></p><p><span style=\"background-color: transparent;\">VNI to VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI VLAN Source Interface 802.1Q Tag</span></p><p><span style=\"background-color: transparent;\">------------ ---------- ------------ ----------------- ----------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100000</span><span style=\"background-color: transparent;\"> </span><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\"> static Ethernet1/1 untagged</span></p><p><span style=\"background-color: transparent;\"> Vxlan1 100</span></p><br><p><span style=\"background-color: transparent;\">VNI to dynamic VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI VLAN VRF Source</span></p><p><span style=\"background-color: transparent;\">------------ ---------- --------- ------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">200000</span><span style=\"background-color: transparent;\"> </span><span style=\"background-color: rgb(255, 255, 
0);\">1006</span><span style=\"background-color: transparent;\"> red evpn</span></p><br><br><p><span style=\"background-color: transparent;\">switch> show vlan</span></p><p><span style=\"background-color: transparent;\">VLAN Name Status Ports</span></p><p><span style=\"background-color: transparent;\">----- -------------------------------- --------- -------------------------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\"> VLAN0100 active Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\">* VLAN1006 active Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><br><br><p><span style=\"background-color: transparent;\">switch> show ip interface brief</span></p><p><span style=\"background-color: transparent;\"> Address</span></p><p><span style=\"background-color: transparent;\">Interface IP Address Status Protocol MTU Owner</span></p><p><span style=\"background-color: transparent;\">----------------- --------------------- ------------ -------------- ----------- -------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan100</span><span style=\"background-color: transparent;\"> 1.0.0.1/24 </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> up 1500</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan1006</span><span style=\"background-color: transparent;\"> unassigned </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> up 10168</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">From the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF 
red) are routable.</span></p></b><br><br>", }, ], value: "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch> show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch> show running-config section loopback\n\ninterface Loopback0\n\n ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch> show running-config section vxlan\n\ninterface Vxlan1\n\n vxlan source-interface Loopback0\n\n vxlan udp-port 4789\n\n vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below: \n\n\n# Overlay interface\n\nswitch> show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n switchport access vlan 100\n\ninterface Vlan100\n\n ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n vxlan vlan 100 vni 100000\n\n\n\n\nswitch> show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch> show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI VLAN Source Interface 802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000 100 static Ethernet1/1 untagged\n\n Vxlan1 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI VLAN VRF Source\n\n------------ ---------- --------- ------------\n\n200000 1006 red evpn\n\n\n\nswitch> show vlan\n\nVLAN Name Status Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 VLAN0100 active Cpu, Vx1\n\n1006* VLAN1006 active Cpu, Vx1\n\n\n\nswitch> show ip interface brief\n\n Address\n\nInterface IP Address Status Protocol MTU Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 1.0.0.1/24 up up 
1500\n\nVlan1006 unassigned up up 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n", }, ], datePublic: "2023-08-23T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><span style=\"background-color: transparent;\">On</span> <span style=\"background-color: transparent;\">affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.</span></b><br>", }, ], value: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n", }, ], impacts: [ { capecId: "CAPEC-583", descriptions: [ { lang: "en", value: "CAPEC-583 Disabling Network Hardware", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-29T16:13:10.451Z", orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", shortName: "Arista", }, references: [ { url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><p><span style=\"background-color: transparent;\">The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. 
For more information about upgrading see </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"><span style=\"background-color: transparent;\">EOS User Manual: Upgrades and Downgrades</span></a></p><br><p><span style=\"background-color: transparent;\">CVE-2023-24548 has been fixed in the following releases:</span></p><ul><li><p><span style=\"background-color: transparent;\">4.30.0F and later releases in the 4.30.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.29.0F and later releases in the 4.29.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.28.0F and later releases in the 4.28.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.27.0F and later releases in the 4.27.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.26.0F and later releases in the 4.26.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.25.1F and later releases in the 4.25.x train</span></p></li></ul><span style=\"background-color: transparent;\">No remediation is planned for EOS software versions that are beyond their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"><span style=\"background-color: transparent;\">standard EOS support lifecycle</span></a><span style=\"background-color: transparent;\"> (i.e. 4.22, 4.23).</span></b><br>", }, ], value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. 
For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n * 4.30.0F and later releases in the 4.30.x train\n\n\n * 4.29.0F and later releases in the 4.29.x train\n\n\n * 4.28.0F and later releases in the 4.28.x train\n\n\n * 4.27.0F and later releases in the 4.27.x train\n\n\n * 4.26.0F and later releases in the 4.26.x train\n\n\n * 4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).\n", }, ], source: { advisory: "Security Advisory 89", defect: [ "828687", ], discovery: "INTERNAL", }, title: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><span style=\"background-color: transparent;\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.</span></b><br>", }, ], value: "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", assignerShortName: "Arista", cveId: "CVE-2023-24548", datePublished: "2023-08-29T16:13:10.451Z", dateReserved: "2023-01-26T11:37:43.827Z", dateUpdated: "2024-09-30T17:46:19.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-3646
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | EOS | Version: 4.28.2F <; Version: 4.29.0 <
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:01:57.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-3646", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-30T17:34:25.757684Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-30T17:44:07.777Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "EOS", vendor: "Arista Networks", versions: [ { lessThanOrEqual: "4.28.5.1M ", status: "affected", version: "4.28.2F", versionType: "custom", }, { lessThanOrEqual: "4.29.1F", status: "affected", version: "4.29.0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><p><span style=\"background-color: transparent;\">Mirroring to multiple destinations must be configured:</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch(config)#show monitor session</span></p><br><p><span style=\"background-color: transparent;\">Session s1</span></p><p><span style=\"background-color: transparent;\">------------------------</span></p><br><p><span style=\"background-color: transparent;\">Sources:</span></p><br><p><span style=\"background-color: transparent;\">Both Interfaces: Et1/1</span></p><br><p><span style=\"background-color: transparent;\">Destination Ports:</span></p><br><p><span style=\"background-color: rgb(255, 255, 0);\"> Et9/1 : active</span></p><p><span style=\"background-color: rgb(255, 255, 0);\"> Et10/1 : 
active</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">In the above example two destinations, Et9/1 and Et10/1, are configured.</span></p><br><p><span style=\"background-color: transparent;\">Mirroring config must be added with mirror destination being ethernet port, example:</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch # show running-config | section monitor</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">monitor session APCON destination Ethernet54/1</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">In the above example the argument after destination is an Ethernet port.</span></p></b><br><br>", }, ], value: "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: Et1/1\n\n\nDestination Ports:\n\n\n Et9/1 : active\n\n Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n", }, ], datePublic: "2023-08-23T15:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.</span><br>", }, ], value: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n", }, ], impacts: [ { capecId: "CAPEC-603", descriptions: [ { 
lang: "en", value: "CAPEC-603 Blockage", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-29T16:31:57.668Z", orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", shortName: "Arista", }, references: [ { url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.<br>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><p>CVE-2023-3646 has been fixed in the following releases:</p><ul><li>4.28.6M and later releases in the 4.28.x train</li><li>4.29.2F and later releases in the 4.29.x train</li></ul>", }, ], value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. 
Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n", }, { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<h3>Hotfix</h3><p>The following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):</p><ul><li>4.28.2F through 4.28.5.1M releases in the 4.28.x train</li><li>4.29.1F and earlier releases in the 4.29.X train</li></ul><p>Note: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. 
This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.</p><p>To determine which hotfix to use, run “<b>show version</b>” from the CLI and refer to the “Architecture” Field.</p><div>Version: 1.0<br>URL: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\">SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix</a><pre>SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n</pre></div><div> </div><div>URL: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\">SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix</a><pre>SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n</pre></div><div> </div><p>For instructions on installation and verification of the hotfix patch, refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\">“managing eos extensions”</a> section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.</p><br>", }, ], value: "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. 
All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run “show version” from the CLI and refer to the “Architecture” Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n \n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n \n\nFor instructions on installation and verification of the hotfix patch, refer to the “managing eos extensions” https://www.arista.com/en/um-eos/eos-managing-eos-extensions section in the EOS User Manual. 
Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.\n\n\n", }, ], source: { advisory: "88", defect: [ "BUG829136", "BUG765111", ], discovery: "INTERNAL", }, title: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<b><p><span style=\"background-color: transparent;\">The suggestion to prevent this issue is to remove any mirroring config</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">#show monitor session</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">No sessions created</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">This example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.</span></p></b><br><br>", }, ], value: "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", assignerShortName: "Arista", cveId: "CVE-2023-3646", datePublished: "2023-08-29T16:31:57.668Z", dateReserved: "2023-07-12T17:53:27.986Z", dateUpdated: "2024-09-30T17:44:07.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24512
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2024-08-02 10:56
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | Terminattr | Version: 1.23.0; Version: unspecified <= 1.19.5; Version: 1.24.0 <= 1.24.3; Version: 1.22.0 <= 1.22.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:56:04.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Terminattr", vendor: "Arista Networks", versions: [ { status: "affected", version: "1.23.0", }, { lessThanOrEqual: "1.19.5", status: "affected", version: "unspecified", versionType: "custom", }, { lessThanOrEqual: "1.24.3", status: "affected", version: "1.24.0", versionType: "custom", }, { lessThanOrEqual: "1.22.1", status: "affected", version: "1.22.0", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", value: "In order to be vulnerable to CVE-2023-24512 the following conditions must be all be met:\n\nA vulnerable version of the Streaming Telemetry Agent must be installed on the switch. The version can be verified with the following commands:\n#show version detail | grep TerminAttr-core\nTerminAttr-core v1.13.3 1\n\nIn the above example, TerminAttr 1.13.3 is installed.\n\nThe agent must be running on the switch. This can be verified as follows on the switch:\nswitch# show daemon TerminAttr\nProcess: TerminAttr (running with PID 2430)\n\n\nThe Streaming Telemetry Agent must be configured to allow external connections using gRPC. This can be verified by the presence of the -grpcaddr option:\nswitch# daemon TerminAttr\n show active\ndaemon TerminAttr\n exec /usr/bin/TerminAttr -grpcaddr=... <other options...>", }, ], datePublic: "2023-04-25T00:00:00", descriptions: [ { lang: "en", value: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. 
This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-25T00:00:00", orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", shortName: "Arista", }, references: [ { url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086", }, ], solutions: [ { lang: "en", value: "While the steps listed above resolve the issue, the recommended long term solution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nThere are two possible solutions:\n\nUpgrade the Streaming Telemetry Agent \nCustomers can upgrade the Streaming Telemetry Agent to a fixed version, following the directions in https://arista.my.site.com/AristaCommunity/s/article/terminattr-upgrade-downgrade. 
Fixes are available in the following supported release trains:\nTerminAttr 1.25.0 and later Terminattr versions\nUsers of 1.24.X and 1.23.X TerminAttr releases should upgrade to TerminAttr 1.25.0 or later.\nTerminAttr 1.22.2 and later version in the TerminAttr 1.22.X train\nTerminAttr 1.19.6 and later versions in the TerminAttr 1.19.X train\n", }, { lang: "en", value: "Upgrade EOS\nCustomers can upgrade to a version of EOS which contains a fixed version of the Streaming Telemetry Agent within the EOS image, as documented in https://www.arista.com/en/um-eos/eos-upgradedowngrade-overview:\nEOS 4.29.2F and later releases, which contains TerminAttr 1.25.0 or a more recent version\nEOS 4.28.6M and later releases in the 4.28.X train, which contains TerminAttr 1.22.2 or a more recent version\nEOS 4.27.9M and later releases in the 4.27.X train, which contains TerminAttr 1.19.6 or a more recent version\nEOS 4.26.10M and later releases in the 4.26.X train, which contains TerminAttr 1.19.6 or a more recent version\n", }, ], source: { advisory: "86", defect: [ "751697", ], discovery: "INTERNAL", }, title: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. ", workarounds: [ { lang: "en", value: "The streaming telemetry agent can be configured in gRPC read-only mode by specifying -grpcreadonly as part of its configuration. For instance as follows:\n\nswitch# daemon TerminAttr\n exec /usr/bin/TerminAttr -grpcreadonly -grpcaddr=... <other options...>\n no shutdown\n\n\nIf TerminAttr is running, it must be restarted for the configuration to take effect. 
This can be done as follows:\n\nswitch# daemon TerminAttr\n shutdown\n wait-for-warmup\n no shutdown", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", assignerShortName: "Arista", cveId: "CVE-2023-24512", datePublished: "2023-04-25T00:00:00", dateReserved: "2023-01-24T00:00:00", dateUpdated: "2024-08-02T10:56:04.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 08:17
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Source | URL | Tags
---|---|---
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088 | Exploit, Mitigation, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "24F7B09D-0669-4855-A981-E462090A10F0", versionEndIncluding: "4.28.5.1m", versionStartIncluding: "4.28.2f", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "24621B26-04A1-4693-BCB4-437544C08B50", versionEndExcluding: "4.29.2f", versionStartIncluding: "4.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", matchCriteriaId: "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", matchCriteriaId: "43B967ED-2212-4558-A9AC-ACA94C94FD39", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", matchCriteriaId: "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", matchCriteriaId: "2FD635FB-5EA8-4B02-894C-4C016090AAB3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", matchCriteriaId: "DC1F6DBC-212F-4E0B-B039-06955322B0D7", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", matchCriteriaId: "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", matchCriteriaId: 
"1943057A-5776-4B20-97C7-03CE14AEA367", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", matchCriteriaId: "1AE86A14-76ED-4427-94CC-7BF335BB9369", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", matchCriteriaId: "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", matchCriteriaId: "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", matchCriteriaId: "60FC964C-9835-443A-A584-3A5D6022E914", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", matchCriteriaId: "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", matchCriteriaId: "939772F0-4352-46C1-B6D5-38FA12EBF6E1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*", matchCriteriaId: "0A375EB2-6D78-4D81-AB8D-4AC501DC0A4F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*", matchCriteriaId: "E8CA46EA-F9AE-42FA-A0D9-EDB82060AB6D", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*", matchCriteriaId: "6F9FD45E-2D76-43A0-AE2A-C6DC59C45984", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", vulnerable: 
false, }, { criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: "019B0670-389B-4A4E-8C72-52202E3AA8EF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", matchCriteriaId: "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", matchCriteriaId: "1E49B089-AE52-4B47-A3B4-547D10ACED9A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", matchCriteriaId: "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", matchCriteriaId: "58443CDE-33D8-4460-A861-CDC07431AA22", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", matchCriteriaId: "26FDC60C-860F-40BD-AF13-54712B56C87F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "70658CB0-D114-40E5-866D-B21875FFF93C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", matchCriteriaId: "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", matchCriteriaId: "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "ABAC894C-D39E-4BB2-A968-E2F23C299A29", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", vulnerable: false, }, { criteria: 
"cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", matchCriteriaId: "64BE8C68-FE98-4162-A3D3-54494D5444F5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", matchCriteriaId: "9615121C-4EC0-44F5-8C00-E70271CC04A2", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", matchCriteriaId: "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n", }, ], id: "CVE-2023-3646", lastModified: "2024-11-21T08:17:44.693", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "psirt@arista.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: 
"UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-29T17:15:12.727", references: [ { source: "psirt@arista.com", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088", }, ], sourceIdentifier: "psirt@arista.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "psirt@arista.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-25 21:15
Modified
2024-11-21 07:48
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
References
Source | URL | Tags
---|---|---
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 | Exploit, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 | Exploit, Mitigation, Vendor Advisory
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "341CA00E-8BDE-4BF9-90D4-7B07FC484D18", versionEndExcluding: "4.26.10m", versionStartIncluding: "4.26.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "00A7CEC1-C298-4AEE-A079-550167C2AA3A", versionEndExcluding: "4.27.9m", versionStartIncluding: "4.27.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "32D876FE-C639-4870-A412-0239EA0155D0", versionEndExcluding: "4.28.6m", versionStartIncluding: "4.28.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "24621B26-04A1-4693-BCB4-437544C08B50", versionEndExcluding: "4.29.2f", versionStartIncluding: "4.29.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:32qd:-:*:*:*:*:*:*:*", matchCriteriaId: "4184EB8C-5972-413F-A6CD-B1365D242B41", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:48ehs:-:*:*:*:*:*:*:*", matchCriteriaId: "FED3033F-6AFD-462B-BED4-032D84D41068", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:48lbas:-:*:*:*:*:*:*:*", matchCriteriaId: "8EDFE460-5163-4A86-BFDE-7F0FA8EC96D1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:48lbs:-:*:*:*:*:*:*:*", matchCriteriaId: "8C680AE5-0810-4A0C-9234-405F2A879F87", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:48s6qd:-:*:*:*:*:*:*:*", matchCriteriaId: "38A296BD-4449-447C-AF27-F6C033C686D6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7010t-48:-:*:*:*:*:*:*:*", matchCriteriaId: "4CCF6152-815E-4B3C-AE4B-CA598BEBD020", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:*", matchCriteriaId: "7781CB15-3452-47D9-A961-8B09F2E9AEC1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:*", matchCriteriaId: "09A31FB8-512E-43EF-8F87-E02E35F5251E", vulnerable: false, }, { criteria: 
"cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:*", matchCriteriaId: "2CBFF922-28D7-42D6-8796-91AD9A178D28", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:*", matchCriteriaId: "561B4042-DFD3-4BC0-9C5F-74799A7E92C5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "828C6E4F-814A-4060-8F5E-7FF359C8739C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "253D74DE-97F5-40F3-B179-D2D4442C57FD", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "75E03F9E-522F-4D9B-9267-09E2550B5465", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*", matchCriteriaId: "895A7AFD-BE76-47F5-B67B-6279046E4274", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*", matchCriteriaId: "74E258EC-EA50-4185-AA35-5D963C359E74", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*", matchCriteriaId: "1482D4FC-60B9-4C89-B892-71AA3E1031F3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*", matchCriteriaId: "C99D84E9-2229-459E-AE90-49C2EF670884", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*", matchCriteriaId: "D922C725-1139-4DD4-92FC-9FF15E35CE62", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", matchCriteriaId: "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", matchCriteriaId: "07BA078E-30B7-4E2C-B240-BF64E98143E9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", matchCriteriaId: "EBFD0706-CACB-40FA-A41B-46B39C6E1D33", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", 
matchCriteriaId: "5951D243-CB68-4B41-A913-D879CE502795", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", matchCriteriaId: "73156612-D338-4E20-8C82-0E65DAA72331", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*", matchCriteriaId: "78E7CDCC-ADC6-4854-BFC4-72DA47C5F10B", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*", matchCriteriaId: "2B03678D-AD7B-4B1A-8E6A-1811DD8B1483", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*", matchCriteriaId: "E803639C-13A1-48CA-A589-C83654AE454F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*", matchCriteriaId: "A495D282-D3DC-4D18-AB72-2358834C238E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", matchCriteriaId: "388C57D8-4B3C-4E5D-84AA-0CB7506F825A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "D518C8D5-A86B-46E5-A646-8939BFA2E116", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*", matchCriteriaId: "A1608297-7079-4F3B-857E-708B74E944D9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*", matchCriteriaId: "806A01C5-231D-4F9D-A292-E9DD706A0C66", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*", matchCriteriaId: "AC10746F-8FC0-49EF-BB9C-EC49B734DFA3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*", matchCriteriaId: "26582E98-B710-46D7-B8F2-9286E0592FA6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*", matchCriteriaId: "EFFA321D-F4A5-434C-BB39-D2B2687001D6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*", matchCriteriaId: "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*", matchCriteriaId: "3264E086-4E90-41D0-8583-8FCF3CE4885D", 
vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7150s-24:-:*:*:*:*:*:*:*", matchCriteriaId: "93D74C0B-E470-4D45-98E2-775DE43997DF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7150s-52:-:*:*:*:*:*:*:*", matchCriteriaId: "1B2CAA23-003C-43E6-87CE-61E4369C2D30", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7150s-64:-:*:*:*:*:*:*:*", matchCriteriaId: "F7445075-D130-472C-B259-6BACE678541D", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7150sc-24:-:*:*:*:*:*:*:*", matchCriteriaId: "EF3FA52A-3A67-4515-9790-598860102893", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7150sc-64:-:*:*:*:*:*:*:*", matchCriteriaId: "6336F166-FAD3-4846-84B9-45F5FAA3D437", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7160-32cq:-:*:*:*:*:*:*:*", matchCriteriaId: "7620401C-FB14-46F1-979B-B21194F90945", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7160-48tc6:-:*:*:*:*:*:*:*", matchCriteriaId: "07DFC236-44B3-4EEF-8937-4F86EE99EB45", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7160-48yc6:-:*:*:*:*:*:*:*", matchCriteriaId: "823E5569-C918-40E6-A2C5-7C415E4ADEF5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "E8EFEEA5-0FC4-4FFC-BF5D-BDBAA1B55C70", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*", matchCriteriaId: "B2959C68-8731-4F37-B9E7-61E5936D3D8E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*", matchCriteriaId: "D6FB3395-8D13-4477-A46E-37A88272CFAB", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7170b-64c:-:*:*:*:*:*:*:*", matchCriteriaId: "7EE3572E-A724-4057-8776-7A95528DCEE7", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720df-48y:-:*:*:*:*:*:*:*", matchCriteriaId: "B8FCDB83-38D5-4F02-97E2-BBEF891DCDD7", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720dp-24s:-:*:*:*:*:*:*:*", matchCriteriaId: "80EAF795-EB62-4A86-A0FC-A09008E631A6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720dp-48s:-:*:*:*:*:*:*:*", 
matchCriteriaId: "EA03BA0B-BB2D-41CF-BA2E-B21604D6FBC1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720dt-24s:-:*:*:*:*:*:*:*", matchCriteriaId: "3AE185FD-0D4D-4862-B513-BC68BF3F9F7E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720dt-48s:-:*:*:*:*:*:*:*", matchCriteriaId: "46C2150F-2FD6-452F-8C56-7413E3EB8FDC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*", matchCriteriaId: "58757129-BF9C-4BD8-B692-BB57023F8A48", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*", matchCriteriaId: "2756BB4B-1053-4EAC-AC0B-785FD5039D5F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*", matchCriteriaId: "40D36540-7723-4284-A207-6BD27728CA25", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*", matchCriteriaId: "DF95CB28-E010-4A1D-A746-F9DDF015868F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*", matchCriteriaId: "0DD95B3B-D655-42DC-85C2-2C6FDBCC77F1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*", matchCriteriaId: "E40D14DE-BAFB-461F-9AA7-E3EDC2D8D468", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*", matchCriteriaId: "901E5B76-0EB7-4EAD-A281-15B9F78041AB", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*", matchCriteriaId: "EE1DE992-9BFA-4794-82F4-66F464BB384E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7260sx2:-:*:*:*:*:*:*:*", matchCriteriaId: "58296832-AA93-4EAE-96BD-28EC368F8391", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*", matchCriteriaId: "5F569286-C19F-48CB-AB24-89C4A1EB6F81", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", vulnerable: false, }, 
{ criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*", matchCriteriaId: "16CB1780-6DEC-4140-A771-9139C77A8A88", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*", matchCriteriaId: "11DE9CB6-4453-4EED-B7FC-6374F9225B83", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*", matchCriteriaId: "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*", matchCriteriaId: "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*", matchCriteriaId: "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*", matchCriteriaId: "4057906A-B27B-4B53-97F6-3F5F35794990", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*", matchCriteriaId: "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*", matchCriteriaId: "DDF8A65D-6FBC-4C38-8B45-418E6C5EB16C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*", matchCriteriaId: "8F088D51-24F4-49AD-8397-73D1EAF45F56", vulnerable: false, }, { criteria: 
"cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*", matchCriteriaId: "69BA5C6D-40C0-4AA3-AC10-D7F097D8EDD9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "0040BDDF-D711-4619-9E96-96EFBD33CAA0", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*", matchCriteriaId: "D4AA716D-CAD1-4689-8A26-977A2E5F869E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "5AD08CBF-6F42-4F98-B413-F65C5613BE6B", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7358x4:-:*:*:*:*:*:*:*", matchCriteriaId: "DBC38094-A539-425D-A2B6-770FAF0FC3C4", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*", matchCriteriaId: "161DB0D9-9BAC-4546-88D3-5547F4B6149C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*", matchCriteriaId: "B66E706E-56FB-4A49-BD90-76A8CB6BE391", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: "019B0670-389B-4A4E-8C72-52202E3AA8EF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*", matchCriteriaId: "A54F3D32-5A07-4791-90BF-96BD8A24C2F6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", matchCriteriaId: 
"5A172A49-1A0E-464B-BDDD-A8F52856D595", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:96lbs:-:*:*:*:*:*:*:*", matchCriteriaId: "FBAE5B17-52F9-4FDD-BD65-AA0C1ADB4806", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7010tx-48:-:*:*:*:*:*:*:*", matchCriteriaId: "9CB43CD4-C96F-483C-B743-3D81C9A65EDF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500-12cq-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "CCCC3EC2-D68C-49E5-8E72-35F16853CA04", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "30D363C8-7D75-4EA7-B5BC-566C1C9ECE96", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500e-36q-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "6E0CD14C-E2C8-4EEC-AAD9-E2428E8610DC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500e-48s-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "ACD40F1C-32AA-42DF-9378-724CD949127B", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "4DB63C0B-D27A-4CB4-B379-570C0DC8B958", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500e-72s-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "2468E734-5CA3-4293-A806-358FE659AEA6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "52C4EAF7-6FD7-477A-B4BE-DE5920BF7BBA", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500r-36q-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "ABA8BEE5-9EDC-4BAC-AB7C-4F9E6680388B", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:*:*:*:*:*:*:*", matchCriteriaId: "DB68705B-A8A5-49AB-AC53-02B311900F7D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:arista:ceos-lab:*:*:*:*:*:*:*:*", matchCriteriaId: "2260519E-FB90-4924-95E7-1FCC34C4B38B", vulnerable: true, }, { criteria: "cpe:2.3:a:arista:cloudeos:-:*:*:*:*:*:*:*", matchCriteriaId: "362F2E0F-3D40-444F-87F3-21CA70B1AD04", vulnerable: true, }, { 
criteria: "cpe:2.3:a:arista:veos-lab:-:*:*:*:*:*:*:*", matchCriteriaId: "04B29E15-3CFB-45EC-B252-8F02CC1E589C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision", }, ], id: "CVE-2023-24512", lastModified: "2024-11-21T07:48:01.437", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "psirt@arista.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-25T21:15:10.190", references: [ { source: "psirt@arista.com", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086", }, ], sourceIdentifier: "psirt@arista.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "psirt@arista.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 07:48
Severity
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | 4.25.0f | |
arista | 7280cr3-32d4 | - | |
arista | 7280cr3-32p4 | - | |
arista | 7280cr3-36s | - | |
arista | 7280cr3-96 | - | |
arista | 7280cr3a-24d12 | - | |
arista | 7280cr3a-48d6 | - | |
arista | 7280cr3a-72 | - | |
arista | 7280dr3-24 | - | |
arista | 7280dr3a-36 | - | |
arista | 7280dr3a-54 | - | |
arista | 7280dr3ak-36 | - | |
arista | 7280dr3ak-54 | - | |
arista | 7280dr3am-36 | - | |
arista | 7280dr3am-54 | - | |
arista | 7280pr3-24 | - | |
arista | 7280r3 | - | |
arista | 7280sr3-40yc6 | - | |
arista | 7280sr3-48yc8 | - | |
arista | 7280tr3-40c6 | - | |
arista | 7500r3-24d | - | |
arista | 7500r3-24p | - | |
arista | 7500r3-36cq | - | |
arista | 7500r3k-36cq | - | |
arista | 7500r3k-48y4d | - | |
arista | 7504r3 | - | |
arista | 7508r3 | - | |
arista | 7512r3 | - | |
arista | 7800r3-36d | - | |
arista | 7800r3-36p | - | |
arista | 7800r3-48cq | - | |
arista | 7800r3a-36d | - | |
arista | 7800r3a-36dm | - | |
arista | 7800r3a-36p | - | |
arista | 7800r3a-36pm | - | |
arista | 7800r3ak-36dm | - | |
arista | 7800r3ak-36pm | - | |
arista | 7800r3k-36dm | - | |
arista | 7800r3k-48cq | - | |
arista | 7800r3k-48cqms | - | |
arista | 7800r3k-72y7512r3 | - | |
arista | 7808r3 | - | |
arista | 7812r3 | - | |
arista | 7816r3 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "A9F1F226-FDB1-4452-B166-D08635DAEC5B", versionEndIncluding: "4.22.13m", versionStartIncluding: "4.22.1f", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "13BE6AE1-4649-4E0B-A4CA-2632CD400940", versionEndIncluding: "4.23.14m", versionStartIncluding: "4.23.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "2909559A-6FB4-400C-A1AE-BF2B883F4964", versionEndIncluding: "4.24.11m", versionStartIncluding: "4.24.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*", matchCriteriaId: "37536357-7701-48BE-9751-9BADD8E4AAAF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", matchCriteriaId: "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", matchCriteriaId: "43B967ED-2212-4558-A9AC-ACA94C94FD39", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", matchCriteriaId: "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", matchCriteriaId: "2FD635FB-5EA8-4B02-894C-4C016090AAB3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", 
matchCriteriaId: "DC1F6DBC-212F-4E0B-B039-06955322B0D7", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", matchCriteriaId: "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", matchCriteriaId: "1943057A-5776-4B20-97C7-03CE14AEA367", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", matchCriteriaId: "1AE86A14-76ED-4427-94CC-7BF335BB9369", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", matchCriteriaId: "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", matchCriteriaId: "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", matchCriteriaId: "60FC964C-9835-443A-A584-3A5D6022E914", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", matchCriteriaId: "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", matchCriteriaId: "939772F0-4352-46C1-B6D5-38FA12EBF6E1", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", matchCriteriaId: 
"019B0670-389B-4A4E-8C72-52202E3AA8EF", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", matchCriteriaId: "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", matchCriteriaId: "1E49B089-AE52-4B47-A3B4-547D10ACED9A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", matchCriteriaId: "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", matchCriteriaId: "58443CDE-33D8-4460-A861-CDC07431AA22", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", matchCriteriaId: "26FDC60C-860F-40BD-AF13-54712B56C87F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "70658CB0-D114-40E5-866D-B21875FFF93C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", matchCriteriaId: "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", matchCriteriaId: "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "ABAC894C-D39E-4BB2-A968-E2F23C299A29", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", matchCriteriaId: "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", matchCriteriaId: "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", vulnerable: false, }, 
{ criteria: "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", matchCriteriaId: "64BE8C68-FE98-4162-A3D3-54494D5444F5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", matchCriteriaId: "9615121C-4EC0-44F5-8C00-E70271CC04A2", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", matchCriteriaId: "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. 
The device will continue to be susceptible to the issue until remediation is in place.\n", }, ], id: "CVE-2023-24548", lastModified: "2024-11-21T07:48:06.157", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "psirt@arista.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-29T17:15:11.790", references: [ { source: "psirt@arista.com", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", }, ], sourceIdentifier: "psirt@arista.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "psirt@arista.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-13 20:15
Modified
2024-11-21 07:48
Severity
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
References
Source | URL | Tags | |
---|---|---|---|
psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082 | Exploit, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082 | Exploit, Mitigation, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | eos | * | |
arista | 704x3 | - | |
arista | 7304x | - | |
arista | 7304x3 | - | |
arista | 7308x | - | |
arista | 7316x | - | |
arista | 7324x | - | |
arista | 7328x | - | |
arista | 7504r | - | |
arista | 7504r3 | - | |
arista | 7508r | - | |
arista | 7508r3 | - | |
arista | 7512r | - | |
arista | 7512r3 | - | |
arista | 7516r | - | |
arista | 755x | - | |
arista | 758x | - | |
arista | 7804r3 | - | |
arista | 7808r3 | - | |
arista | 7812r3 | - | |
arista | 7816r3 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "498704F8-24D4-48C9-A5CB-4A8F7054AA49", versionEndIncluding: "4.23.13m", versionStartIncluding: "4.23", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8923F137-B1BA-49FF-A100-AD357966EE4F", versionEndExcluding: "4.24.11m", versionStartIncluding: "4.24.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "4D6EA8CE-BAA4-4B4D-8A9F-A65018FC6B3A", versionEndExcluding: "4.25.10m", versionStartIncluding: "4.25.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "659190E5-DFB0-4172-BD6F-1B9E22533CE5", versionEndExcluding: "4.26.9m", versionStartIncluding: "4.26.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "20966F67-1C70-458C-A4EF-02612345DE48", versionEndExcluding: "4.27.7m", versionStartIncluding: "4.27.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "1F57FAA3-518C-498C-9580-19A207C8F176", versionEndExcluding: "4.28.4m", versionStartIncluding: "4.28.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:arista:704x3:-:*:*:*:*:*:*:*", matchCriteriaId: "D7C0C33F-72A7-41CA-A666-1CEC9F0FE02F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7304x:-:*:*:*:*:*:*:*", matchCriteriaId: "65C6E0C9-7F81-4CE3-BD46-7939667E5969", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*", matchCriteriaId: "78FE473B-CA6E-4E8D-8DBF-676B1ECBB185", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7308x:-:*:*:*:*:*:*:*", matchCriteriaId: "B7A8ABF1-ADF4-474D-B01B-8BB271E1263E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7316x:-:*:*:*:*:*:*:*", matchCriteriaId: "73ECE6D6-12E5-4396-9C19-3B2E08E13147", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*", 
matchCriteriaId: "B8862F74-E399-41EE-A081-62D99A7C1755", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*", matchCriteriaId: "8F16261D-639F-4CAB-BDA6-EF3F277E663C", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7504r:-:*:*:*:*:*:*:*", matchCriteriaId: "CD1F369D-93BF-4259-99F5-97FBEF79BBA5", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7508r:-:*:*:*:*:*:*:*", matchCriteriaId: "F35978B6-889C-47DB-971B-B2A12FF537E0", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7512r:-:*:*:*:*:*:*:*", matchCriteriaId: "2360E039-5F12-4210-8578-7EBDA4575A6E", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7516r:-:*:*:*:*:*:*:*", matchCriteriaId: "3D45E5E5-7EB9-41E7-8EEE-570E6646EDDD", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:755x:-:*:*:*:*:*:*:*", matchCriteriaId: "585E3617-2B1F-4E58-853A-0E9703B91B80", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:758x:-:*:*:*:*:*:*:*", matchCriteriaId: "13B1D90C-73CC-49A2-B202-B07D96226729", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*", matchCriteriaId: "A54F3D32-5A07-4791-90BF-96BD8A24C2F6", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758", vulnerable: false, }, { criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: 
"AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.", }, ], id: "CVE-2023-24509", lastModified: "2024-11-21T07:48:00.993", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 6, source: "psirt@arista.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-04-13T20:15:08.843", references: [ { source: "psirt@arista.com", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082", }, ], sourceIdentifier: "psirt@arista.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: 
"psirt@arista.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }