Vulnerabilities related to arista - 7816r3
cve-2023-24509
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2024-08-02 10:56
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
Impacted products
Vendor Product Version
Arista Networks Arista EOS Version: 4.23.0 4.23.13M
Version: 4.28.0   <
Version: 4.27.0   <
Version: 4.286.0   <
Version: 4.25.0   <
Version: 4.24.0   <


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:56:04.282Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Arista EOS",
               vendor: "Arista Networks",
               versions: [
                  {
                     status: "affected",
                     version: "4.23.0 4.23.13M",
                  },
                  {
                     lessThanOrEqual: "4.28.3M",
                     status: "affected",
                     version: "4.28.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "4.27.6M",
                     status: "affected",
                     version: "4.27.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "4.26.8M",
                     status: "affected",
                     version: "4.286.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "4.25.9M",
                     status: "affected",
                     version: "4.25.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "4.24.10M",
                     status: "affected",
                     version: "4.24.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               value: "In order to be vulnerable to CVE-2023-24509, the following conditions must be met:\n\nTwo supervisor modules must both be inserted and active. To determine the status of the supervisor modules,\n\nswitch#show module \nModule  Ports Card Type                Model            Serial No.\n------- ----- ------------------------ ---------------- -----------\n1       3     DCS-7500-SUP2 Supervisor DCS-7500-SUP2    SSJ17133450\n2       2     Standby supervisor       DCS-7500-SUP2    SSJ17133441\n \nModule  Status  Uptime  Power off reason\n------- ------- ------- ----------------\n1       Active  0:24:58 N/A\n2       Standby 0:24:58 N/A\nSupervisor redundancy protocol must be configured with RPR(Route Processor Redundancy) or SSO (Stateful Switchover) on the switch. To determine the state and the current redundancy protocol of both supervisors on the switch,\n\nswitch#show redundancy status\n  my state = ACTIVE\npeer state = STANDBY WARM\n      Unit = Primary\n   Unit ID = 1\n   \nRedundancy Protocol (Operational) = Route Processor Redundancy\nRedundancy Protocol (Configured) = Route Processor Redundancy\nCommunications = Up\nReady for switchover\n   \n  Last switchover time = 7:23:56 ago\nLast switchover reason = Supervisor has control of the active supervisor lock",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Arista would like to acknowledge and thank Marc-André Labonté, Senior Information Security Analyst at Desjardins for responsibly reporting CVE-2023-24509.",
            },
         ],
         datePublic: "2023-02-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "CWE-269 Improper Privilege Management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-13T00:00:00",
            orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
            shortName: "Arista",
         },
         references: [
            {
               url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24509 has been fixed in the following releases:\n\n4.28.4M and later releases in the 4.28.x train\n4.27.7M and later releases in the 4.27.x train\n4.26.9M and later releases in the 4.26.x train\n4.25.10M and later releases in the 4.25.x train\n4.24.11M and later releases in the 4.24.x train",
            },
            {
               lang: "en",
               value: "The following hotfix can be applied to remediate CVE-2023-24509. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.28.3M and below releases in the 4.28.x train\n4.27.6M and below releases in the 4.27.x train\n4.26.8M and below releases in the 4.26.x train\n4.25.9M and below releases in the 4.25.x train\n4.24.10M\n4.23.13M\nNote: Installing/uninstalling the SWIX will cause ConfigAgent to restart and disconnect existing CLI sessions.\n\nVersion: 1.0\n\nURL: SecurityAdvisory82_CVE-2023-24509_Hotfix.swix\n\nSWIX hash:\n\n(SHA-512)7833ab99e11cfea1ec28c09aedffd062cfc865a20a843ee6184caff1081e748c8a02590644d0c7b0e377027379cbaadc8b1a70d1c37097bf98c1bedb429dca56",
            },
         ],
         source: {
            advisory: "82",
            defect: [
               "723401",
            ],
            discovery: "EXTERNAL",
         },
         title: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...",
         workarounds: [
            {
               lang: "en",
               value: "The workaround is to disable “ssh” CLI command in unprivileged mode on the SSH client devices by using command authorization. This can be done with Role-Based Access Control (RBAC).\n\nIf the “ssh” CLI command is currently used to connect to a remote host, the destination address can be added to an allowlist with RBAC.",
            },
         ],
         x_ConverterErrors: {
            TITLE: {
               error: "TITLE too long. Truncating in v5 record.",
               message: "Truncated!",
            },
         },
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
      assignerShortName: "Arista",
      cveId: "CVE-2023-24509",
      datePublished: "2023-04-13T00:00:00",
      dateReserved: "2023-01-24T00:00:00",
      dateUpdated: "2024-08-02T10:56:04.282Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-24548
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
Impacted products
Vendor Product Version
Arista Networks EOS Version: 4.25.0F   <
Version: 4.24.0   <
Version: 4.23.0   <
Version: 4.22.1F   <


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:03:18.834Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-24548",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-30T17:34:44.954023Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-30T17:46:19.199Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "EOS",
               vendor: "Arista Networks",
               versions: [
                  {
                     lessThanOrEqual: "=4.25.0F",
                     status: "affected",
                     version: "4.25.0F",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "<=4.24.11M",
                     status: "affected",
                     version: "4.24.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "<=4.23.14M",
                     status: "affected",
                     version: "4.23.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "<=4.22.13M",
                     status: "affected",
                     version: "4.22.1F",
                     versionType: "custom",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               value: "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch> show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch> show running-config section loopback\n\ninterface Loopback0\n\n   ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch> show running-config section vxlan\n\ninterface Vxlan1\n\n   vxlan source-interface Loopback0\n\n   vxlan udp-port 4789\n\n   vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below: \n\n\n# Overlay interface\n\nswitch> show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n   switchport access vlan 100\n\ninterface Vlan100\n\n   ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n  vxlan vlan 100 vni 100000\n\n\n\n\nswitch> show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n   vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch> show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI          VLAN       Source       Interface         802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000       100        static       Ethernet1/1       untagged\n\n                                     Vxlan1            100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI          VLAN       VRF       Source\n\n------------ ---------- --------- ------------\n\n200000       1006       red       evpn\n\n\n\nswitch> show vlan\n\nVLAN  Name                             Status    Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100   VLAN0100                         active    Cpu, Vx1\n\n1006* VLAN1006                         active    Cpu, Vx1\n\n\n\nswitch> show ip interface brief\n\n                                                                               Address\n\nInterface         IP Address            Status       Protocol            MTU    Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100           1.0.0.1/24            up           up                 1500\n\nVlan1006          unassigned            up           up                10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n",
            },
         ],
         datePublic: "2023-08-23T15:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-583",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-583 Disabling Network Hardware",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-120",
                     description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-29T16:13:10.451Z",
            orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
            shortName: "Arista",
         },
         references: [
            {
               url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n  *  4.30.0F and later releases in the 4.30.x train\n\n\n  *  4.29.0F and later releases in the 4.29.x train\n\n\n  *  4.28.0F and later releases in the 4.28.x train\n\n\n  *  4.27.0F and later releases in the 4.27.x train\n\n\n  *  4.26.0F and later releases in the 4.26.x train\n\n\n  *  4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their  standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy  (i.e. 4.22, 4.23).\n",
            },
         ],
         source: {
            advisory: "Security Advisory 89",
            defect: [
               "828687",
            ],
            discovery: "INTERNAL",
         },
         title: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets",
         workarounds: [
            {
               lang: "en",
               value: "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
      assignerShortName: "Arista",
      cveId: "CVE-2023-24548",
      datePublished: "2023-08-29T16:13:10.451Z",
      dateReserved: "2023-01-26T11:37:43.827Z",
      dateUpdated: "2024-09-30T17:46:19.199Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-3646
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
Impacted products
Vendor Product Version
Arista Networks EOS Version: 4.28.2F   <
Version: 4.29.0   <


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T07:01:57.478Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-3646",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-30T17:34:25.757684Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-30T17:44:07.777Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "EOS",
               vendor: "Arista Networks",
               versions: [
                  {
                     lessThanOrEqual: "4.28.5.1M ",
                     status: "affected",
                     version: "4.28.2F",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "4.29.1F",
                     status: "affected",
                     version: "4.29.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<b><p><span style=\"background-color: transparent;\">Mirroring to multiple destinations must be configured:</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch(config)#show monitor session</span></p><br><p><span style=\"background-color: transparent;\">Session s1</span></p><p><span style=\"background-color: transparent;\">------------------------</span></p><br><p><span style=\"background-color: transparent;\">Sources:</span></p><br><p><span style=\"background-color: transparent;\">Both Interfaces:  &nbsp; &nbsp; &nbsp; Et1/1</span></p><br><p><span style=\"background-color: transparent;\">Destination Ports:</span></p><br><p><span style=\"background-color: rgb(255, 255, 0);\">&nbsp; &nbsp; Et9/1 :  active</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">&nbsp; &nbsp; Et10/1 :  active</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">In the above example two destinations, Et9/1 and Et10/1, are configured.</span></p><br><p><span style=\"background-color: transparent;\">Mirroring config must be added with mirror destination being ethernet port, example:</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch # show running-config | section monitor</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">monitor session APCON destination Ethernet54/1</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">In the above example the argument after destination is an Ethernet port.</span></p></b><br><br>",
                  },
               ],
               value: "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces:        Et1/1\n\n\nDestination Ports:\n\n\n    Et9/1 :  active\n\n    Et10/1 :  active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n",
            },
         ],
         datePublic: "2023-08-23T15:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.</span><br>",
                  },
               ],
               value: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-603",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-603 Blockage",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-125",
                     description: "CWE-125 Out-of-bounds Read",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-29T16:31:57.668Z",
            orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
            shortName: "Arista",
         },
         references: [
            {
               url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.<br>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><p>CVE-2023-3646 has been fixed in the following releases:</p><ul><li>4.28.6M and later releases in the 4.28.x train</li><li>4.29.2F and later releases in the 4.29.x train</li></ul>",
                  },
               ],
               value: "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n  *  4.28.6M and later releases in the 4.28.x train\n  *  4.29.2F and later releases in the 4.29.x train\n\n\n",
            },
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<h3>Hotfix</h3><p>The following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):</p><ul><li>4.28.2F through 4.28.5.1M releases in the 4.28.x train</li><li>4.29.1F and earlier releases in the 4.29.X train</li></ul><p>Note: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.</p><p>To determine which hotfix to use, run “<b>show version</b>” from the CLI and refer to the “Architecture” Field.</p><div>Version: 1.0<br>URL: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\">SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix</a><pre>SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n</pre></div><div>&nbsp;</div><div>URL: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\">SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix</a><pre>SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n</pre></div><div>&nbsp;</div><p>For instructions on installation and verification of the hotfix patch, refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\">“managing eos extensions”</a>&nbsp;section in the EOS User Manual. 
Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.</p><br>",
                  },
               ],
               value: "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n  *  4.28.2F through 4.28.5.1M releases in the 4.28.x train\n  *  4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run “show version” from the CLI and refer to the “Architecture” Field.\n\nVersion: 1.0\nURL:  SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n \n\nURL:  SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n \n\nFor instructions on installation and verification of the hotfix patch, refer to the  “managing eos extensions” https://www.arista.com/en/um-eos/eos-managing-eos-extensions  section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.\n\n\n",
            },
         ],
         source: {
            advisory: "88",
            defect: [
               "BUG829136",
               "BUG765111",
            ],
            discovery: "INTERNAL",
         },
         title: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.",
         workarounds: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<b><p><span style=\"background-color: transparent;\">The suggestion to prevent this issue is to remove any mirroring config</span></p><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">#show monitor session</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">No sessions created</span></p></td></tr></tbody></table></div><p><span style=\"background-color: transparent;\">This example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.</span></p></b><br><br>",
                  },
               ],
               value: "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
      assignerShortName: "Arista",
      cveId: "CVE-2023-3646",
      datePublished: "2023-08-29T16:31:57.668Z",
      dateReserved: "2023-07-12T17:53:27.986Z",
      dateUpdated: "2024-09-30T17:44:07.777Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-24512
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2024-08-02 10:56
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
Impacted products
Vendor Product Version
Arista Networks Terminattr Version: 1.23.0
Version: unspecified through 1.19.5
Version: 1.24.0 through 1.24.3
Version: 1.22.0 through 1.22.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:56:04.371Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Terminattr",
               vendor: "Arista Networks",
               versions: [
                  {
                     status: "affected",
                     version: "1.23.0",
                  },
                  {
                     lessThanOrEqual: "1.19.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "1.24.3",
                     status: "affected",
                     version: "1.24.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "1.22.1",
                     status: "affected",
                     version: "1.22.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         configurations: [
            {
               lang: "en",
               value: "In order to be vulnerable to CVE-2023-24512 the following conditions must be all be met:\n\nA vulnerable version of the Streaming Telemetry Agent must be installed on the switch. The version can be verified with the following commands:\n#show version detail | grep TerminAttr-core\nTerminAttr-core      v1.13.3         1\n\nIn the above example, TerminAttr 1.13.3 is installed.\n\nThe agent must be running on the switch. This can be verified as follows on the switch:\nswitch# show daemon TerminAttr\nProcess: TerminAttr (running with PID 2430)\n\n\nThe Streaming Telemetry Agent must be configured to allow external connections using gRPC. This can be verified by the presence of the -grpcaddr option:\nswitch# daemon TerminAttr\n    show active\ndaemon TerminAttr\n   exec /usr/bin/TerminAttr -grpcaddr=... <other options...>",
            },
         ],
         datePublic: "2023-04-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284 Improper Access Control",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-25T00:00:00",
            orgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
            shortName: "Arista",
         },
         references: [
            {
               url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "While the steps listed above resolve the issue, the recommended long term solution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nThere are two possible solutions:\n\nUpgrade the Streaming Telemetry Agent \nCustomers can upgrade the Streaming Telemetry Agent to a fixed version, following the directions in https://arista.my.site.com/AristaCommunity/s/article/terminattr-upgrade-downgrade. Fixes are available in the following supported release trains:\nTerminAttr 1.25.0 and later Terminattr versions\nUsers of 1.24.X and 1.23.X TerminAttr releases should upgrade to TerminAttr 1.25.0 or later.\nTerminAttr 1.22.2 and later version in the TerminAttr 1.22.X train\nTerminAttr 1.19.6 and later versions in the TerminAttr 1.19.X train\n",
            },
            {
               lang: "en",
               value: "Upgrade EOS\nCustomers can upgrade to a version of EOS which contains a fixed version of the Streaming Telemetry Agent within the EOS image, as documented in https://www.arista.com/en/um-eos/eos-upgradedowngrade-overview:\nEOS 4.29.2F and later releases, which contains TerminAttr 1.25.0  or a more recent version\nEOS 4.28.6M and later releases in the 4.28.X train, which contains TerminAttr 1.22.2 or a more recent version\nEOS 4.27.9M and later releases in the 4.27.X train, which contains TerminAttr 1.19.6  or a more recent version\nEOS 4.26.10M and later releases in the 4.26.X train, which contains TerminAttr 1.19.6  or a more recent version\n",
            },
         ],
         source: {
            advisory: "86",
            defect: [
               "751697",
            ],
            discovery: "INTERNAL",
         },
         title: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. ",
         workarounds: [
            {
               lang: "en",
               value: "The streaming telemetry agent can be configured in gRPC read-only mode by specifying -grpcreadonly as part of its configuration. For instance as follows:\n\nswitch# daemon TerminAttr\n   exec /usr/bin/TerminAttr -grpcreadonly -grpcaddr=... <other options...>\n   no shutdown\n\n\nIf TerminAttr is running, it must be restarted for the configuration to take effect. This can be done as follows:\n\nswitch# daemon TerminAttr\n   shutdown\n   wait-for-warmup\n   no shutdown",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
      assignerShortName: "Arista",
      cveId: "CVE-2023-24512",
      datePublished: "2023-04-25T00:00:00",
      dateReserved: "2023-01-24T00:00:00",
      dateUpdated: "2024-08-02T10:56:04.371Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 08:17
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "24F7B09D-0669-4855-A981-E462090A10F0",
                     versionEndIncluding: "4.28.5.1m",
                     versionStartIncluding: "4.28.2f",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "24621B26-04A1-4693-BCB4-437544C08B50",
                     versionEndExcluding: "4.29.2f",
                     versionStartIncluding: "4.29.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43B967ED-2212-4558-A9AC-ACA94C94FD39",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD7877C6-9DE4-4952-94D2-3A456D02CF1A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FD635FB-5EA8-4B02-894C-4C016090AAB3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1F6DBC-212F-4E0B-B039-06955322B0D7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC474A71-8D2F-4138-9D65-E2F86B0B62DC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1943057A-5776-4B20-97C7-03CE14AEA367",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AE86A14-76ED-4427-94CC-7BF335BB9369",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EA04EA0-170A-4B79-96B8-8F09D6FFC261",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60FC964C-9835-443A-A584-3A5D6022E914",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "939772F0-4352-46C1-B6D5-38FA12EBF6E1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A375EB2-6D78-4D81-AB8D-4AC501DC0A4F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8CA46EA-F9AE-42FA-A0D9-EDB82060AB6D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F9FD45E-2D76-43A0-AE2A-C6DC59C45984",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "019B0670-389B-4A4E-8C72-52202E3AA8EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E49B089-AE52-4B47-A3B4-547D10ACED9A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58443CDE-33D8-4460-A861-CDC07431AA22",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26FDC60C-860F-40BD-AF13-54712B56C87F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "70658CB0-D114-40E5-866D-B21875FFF93C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6BBA281-F67E-4D13-BDCD-E1164912EC8C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABAC894C-D39E-4BB2-A968-E2F23C299A29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64BE8C68-FE98-4162-A3D3-54494D5444F5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9615121C-4EC0-44F5-8C00-E70271CC04A2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n",
      },
   ],
   id: "CVE-2023-3646",
   lastModified: "2024-11-21T08:17:44.693",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@arista.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-29T17:15:12.727",
   references: [
      {
         source: "psirt@arista.com",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
      },
   ],
   sourceIdentifier: "psirt@arista.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "psirt@arista.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-125",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-25 21:15
Modified
2024-11-21 07:48
Summary
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
Impacted products
Vendor Product Version
arista eos *
arista eos *
arista eos *
arista eos *
arista 32qd -
arista 48ehs -
arista 48lbas -
arista 48lbs -
arista 48s6qd -
arista 7010t-48 -
arista 7020sr-24c2 -
arista 7020sr-32c2 -
arista 7020tr-48 -
arista 7020tra-48 -
arista 7050cx3-32s -
arista 7050cx3m-32s -
arista 7050qx-32s -
arista 7050qx2-32s -
arista 7050sx-128 -
arista 7050sx-64 -
arista 7050sx-72q -
arista 7050sx2-128 -
arista 7050sx2-72q -
arista 7050sx3-48c8 -
arista 7050sx3-48yc -
arista 7050sx3-48yc12 -
arista 7050sx3-48yc8 -
arista 7050sx3-96yc8 -
arista 7050tx-48 -
arista 7050tx-64 -
arista 7050tx-72q -
arista 7050tx2-128 -
arista 7050tx3-48c8 -
arista 7060cx-32s -
arista 7060cx2-32s -
arista 7060dx4-32 -
arista 7060px4-32 -
arista 7060sx2-48yc6 -
arista 7130-16g3s -
arista 7130-48g3s -
arista 7130-96s -
arista 7150s-24 -
arista 7150s-52 -
arista 7150s-64 -
arista 7150sc-24 -
arista 7150sc-64 -
arista 7160-32cq -
arista 7160-48tc6 -
arista 7160-48yc6 -
arista 7170-32c -
arista 7170-32cd -
arista 7170-64c -
arista 7170b-64c -
arista 720df-48y -
arista 720dp-24s -
arista 720dp-48s -
arista 720dt-24s -
arista 720dt-48s -
arista 720xp-24y6 -
arista 720xp-24zy4 -
arista 720xp-48y6 -
arista 720xp-48zc2 -
arista 720xp-96zc2 -
arista 7250qx-64 -
arista 7260cx -
arista 7260cx3 -
arista 7260qx -
arista 7260sx2 -
arista 7280cr2k-60 -
arista 7280cr3-32d4 -
arista 7280cr3-32p4 -
arista 7280cr3-96 -
arista 7280cr3k-32d4 -
arista 7280cr3k-32p4 -
arista 7280cr3k-96 -
arista 7280dr3-24 -
arista 7280dr3k-24 -
arista 7280e -
arista 7280pr3-24 -
arista 7280pr3k-24 -
arista 7280sr3-48yc8 -
arista 7280sr3k-48yc8 -
arista 7300x-32q -
arista 7300x-64s -
arista 7300x-64t -
arista 7300x3-32c -
arista 7300x3-48yc4 -
arista 7320x-32c -
arista 7358x4 -
arista 7368x4 -
arista 7388x5 -
arista 7500r3-24d -
arista 7500r3-24p -
arista 7500r3-36cq -
arista 7500r3k-36cq -
arista 7804r3 -
arista 7808r3 -
arista 7812r3 -
arista 7816r3 -
arista 96lbs -
arista dcs-7010tx-48 -
arista dcs-7500-12cq-lc -
arista dcs-7500e-12cm-lc -
arista dcs-7500e-36q-lc -
arista dcs-7500e-48s-lc -
arista dcs-7500e-6c2-lc -
arista dcs-7500e-72s-lc -
arista dcs-7500r-36cq-lc -
arista dcs-7500r-36q-lc -
arista dcs-7500r-48s2cq-lc -
arista ceos-lab *
arista cloudeos -
arista veos-lab -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "341CA00E-8BDE-4BF9-90D4-7B07FC484D18",
                     versionEndExcluding: "4.26.10m",
                     versionStartIncluding: "4.26.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00A7CEC1-C298-4AEE-A079-550167C2AA3A",
                     versionEndExcluding: "4.27.9m",
                     versionStartIncluding: "4.27.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "32D876FE-C639-4870-A412-0239EA0155D0",
                     versionEndExcluding: "4.28.6m",
                     versionStartIncluding: "4.28.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "24621B26-04A1-4693-BCB4-437544C08B50",
                     versionEndExcluding: "4.29.2f",
                     versionStartIncluding: "4.29.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:arista:32qd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4184EB8C-5972-413F-A6CD-B1365D242B41",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:48ehs:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FED3033F-6AFD-462B-BED4-032D84D41068",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:48lbas:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EDFE460-5163-4A86-BFDE-7F0FA8EC96D1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:48lbs:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C680AE5-0810-4A0C-9234-405F2A879F87",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:48s6qd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38A296BD-4449-447C-AF27-F6C033C686D6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7010t-48:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CCF6152-815E-4B3C-AE4B-CA598BEBD020",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7781CB15-3452-47D9-A961-8B09F2E9AEC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "09A31FB8-512E-43EF-8F87-E02E35F5251E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBFF922-28D7-42D6-8796-91AD9A178D28",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "561B4042-DFD3-4BC0-9C5F-74799A7E92C5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "828C6E4F-814A-4060-8F5E-7FF359C8739C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "253D74DE-97F5-40F3-B179-D2D4442C57FD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75E03F9E-522F-4D9B-9267-09E2550B5465",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "895A7AFD-BE76-47F5-B67B-6279046E4274",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "74E258EC-EA50-4185-AA35-5D963C359E74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1482D4FC-60B9-4C89-B892-71AA3E1031F3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C99D84E9-2229-459E-AE90-49C2EF670884",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D922C725-1139-4DD4-92FC-9FF15E35CE62",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07BA078E-30B7-4E2C-B240-BF64E98143E9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBFD0706-CACB-40FA-A41B-46B39C6E1D33",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5951D243-CB68-4B41-A913-D879CE502795",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73156612-D338-4E20-8C82-0E65DAA72331",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "78E7CDCC-ADC6-4854-BFC4-72DA47C5F10B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B03678D-AD7B-4B1A-8E6A-1811DD8B1483",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E803639C-13A1-48CA-A589-C83654AE454F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A495D282-D3DC-4D18-AB72-2358834C238E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "388C57D8-4B3C-4E5D-84AA-0CB7506F825A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D518C8D5-A86B-46E5-A646-8939BFA2E116",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1608297-7079-4F3B-857E-708B74E944D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "806A01C5-231D-4F9D-A292-E9DD706A0C66",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10746F-8FC0-49EF-BB9C-EC49B734DFA3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26582E98-B710-46D7-B8F2-9286E0592FA6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFFA321D-F4A5-434C-BB39-D2B2687001D6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3264E086-4E90-41D0-8583-8FCF3CE4885D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7150s-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "93D74C0B-E470-4D45-98E2-775DE43997DF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7150s-52:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B2CAA23-003C-43E6-87CE-61E4369C2D30",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7150s-64:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7445075-D130-472C-B259-6BACE678541D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7150sc-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF3FA52A-3A67-4515-9790-598860102893",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7150sc-64:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6336F166-FAD3-4846-84B9-45F5FAA3D437",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7160-32cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7620401C-FB14-46F1-979B-B21194F90945",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7160-48tc6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07DFC236-44B3-4EEF-8937-4F86EE99EB45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7160-48yc6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "823E5569-C918-40E6-A2C5-7C415E4ADEF5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8EFEEA5-0FC4-4FFC-BF5D-BDBAA1B55C70",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2959C68-8731-4F37-B9E7-61E5936D3D8E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6FB3395-8D13-4477-A46E-37A88272CFAB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7170b-64c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EE3572E-A724-4057-8776-7A95528DCEE7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720df-48y:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8FCDB83-38D5-4F02-97E2-BBEF891DCDD7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720dp-24s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "80EAF795-EB62-4A86-A0FC-A09008E631A6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720dp-48s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA03BA0B-BB2D-41CF-BA2E-B21604D6FBC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720dt-24s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AE185FD-0D4D-4862-B513-BC68BF3F9F7E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720dt-48s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "46C2150F-2FD6-452F-8C56-7413E3EB8FDC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58757129-BF9C-4BD8-B692-BB57023F8A48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2756BB4B-1053-4EAC-AC0B-785FD5039D5F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "40D36540-7723-4284-A207-6BD27728CA25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF95CB28-E010-4A1D-A746-F9DDF015868F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DD95B3B-D655-42DC-85C2-2C6FDBCC77F1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E40D14DE-BAFB-461F-9AA7-E3EDC2D8D468",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "901E5B76-0EB7-4EAD-A281-15B9F78041AB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE1DE992-9BFA-4794-82F4-66F464BB384E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7260sx2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58296832-AA93-4EAE-96BD-28EC368F8391",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F569286-C19F-48CB-AB24-89C4A1EB6F81",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "16CB1780-6DEC-4140-A771-9139C77A8A88",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "11DE9CB6-4453-4EED-B7FC-6374F9225B83",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A98C94CB-7DFC-4CAC-9D98-B3E80BF1EE56",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "56AF4A54-7568-4FE0-BE5F-02BD9FADDCE5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4057906A-B27B-4B53-97F6-3F5F35794990",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "79AB0F1D-ACCA-490C-96F2-FC23A8611CB8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDF8A65D-6FBC-4C38-8B45-418E6C5EB16C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F088D51-24F4-49AD-8397-73D1EAF45F56",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "69BA5C6D-40C0-4AA3-AC10-D7F097D8EDD9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0040BDDF-D711-4619-9E96-96EFBD33CAA0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4AA716D-CAD1-4689-8A26-977A2E5F869E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AD08CBF-6F42-4F98-B413-F65C5613BE6B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7358x4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBC38094-A539-425D-A2B6-770FAF0FC3C4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "161DB0D9-9BAC-4546-88D3-5547F4B6149C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B66E706E-56FB-4A49-BD90-76A8CB6BE391",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "019B0670-389B-4A4E-8C72-52202E3AA8EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A54F3D32-5A07-4791-90BF-96BD8A24C2F6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:96lbs:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBAE5B17-52F9-4FDD-BD65-AA0C1ADB4806",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7010tx-48:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CB43CD4-C96F-483C-B743-3D81C9A65EDF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500-12cq-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCCC3EC2-D68C-49E5-8E72-35F16853CA04",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "30D363C8-7D75-4EA7-B5BC-566C1C9ECE96",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500e-36q-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E0CD14C-E2C8-4EEC-AAD9-E2428E8610DC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500e-48s-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD40F1C-32AA-42DF-9378-724CD949127B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DB63C0B-D27A-4CB4-B379-570C0DC8B958",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500e-72s-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2468E734-5CA3-4293-A806-358FE659AEA6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "52C4EAF7-6FD7-477A-B4BE-DE5920BF7BBA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500r-36q-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABA8BEE5-9EDC-4BAC-AB7C-4F9E6680388B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB68705B-A8A5-49AB-AC53-02B311900F7D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:arista:ceos-lab:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2260519E-FB90-4924-95E7-1FCC34C4B38B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:arista:cloudeos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "362F2E0F-3D40-444F-87F3-21CA70B1AD04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:arista:veos-lab:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "04B29E15-3CFB-45EC-B252-8F02CC1E589C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision",
      },
   ],
   id: "CVE-2023-24512",
   lastModified: "2024-11-21T07:48:01.437",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "psirt@arista.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-25T21:15:10.190",
   references: [
      {
         source: "psirt@arista.com",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086",
      },
   ],
   sourceIdentifier: "psirt@arista.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "psirt@arista.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-29 17:15
Modified
2024-11-21 07:48
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9F1F226-FDB1-4452-B166-D08635DAEC5B",
                     versionEndIncluding: "4.22.13m",
                     versionStartIncluding: "4.22.1f",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "13BE6AE1-4649-4E0B-A4CA-2632CD400940",
                     versionEndIncluding: "4.23.14m",
                     versionStartIncluding: "4.23.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2909559A-6FB4-400C-A1AE-BF2B883F4964",
                     versionEndIncluding: "4.24.11m",
                     versionStartIncluding: "4.24.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*",
                     matchCriteriaId: "37536357-7701-48BE-9751-9BADD8E4AAAF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FEC18B3-7980-4EBF-8E15-F8E92DADD062",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E54F451-CA87-4F32-A088-AE18123CE07A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43B967ED-2212-4558-A9AC-ACA94C94FD39",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD7877C6-9DE4-4952-94D2-3A456D02CF1A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FD635FB-5EA8-4B02-894C-4C016090AAB3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85D9E9FF-564E-4B16-8070-33A366F48FE9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1F6DBC-212F-4E0B-B039-06955322B0D7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC474A71-8D2F-4138-9D65-E2F86B0B62DC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1943057A-5776-4B20-97C7-03CE14AEA367",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AE86A14-76ED-4427-94CC-7BF335BB9369",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EA04EA0-170A-4B79-96B8-8F09D6FFC261",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14163D2-B236-4C78-9DB4-97DE6D996EBC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60FC964C-9835-443A-A584-3A5D6022E914",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8143579F-AD53-4D74-AE3E-4D465DCD7A57",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "939772F0-4352-46C1-B6D5-38FA12EBF6E1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE1BB565-2668-4242-8A00-5CC9C30B9AC9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "15F1A605-8836-4A64-AC5E-ADAB34F8F104",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "019B0670-389B-4A4E-8C72-52202E3AA8EF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E49B089-AE52-4B47-A3B4-547D10ACED9A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "58443CDE-33D8-4460-A861-CDC07431AA22",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26FDC60C-860F-40BD-AF13-54712B56C87F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "70658CB0-D114-40E5-866D-B21875FFF93C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6BBA281-F67E-4D13-BDCD-E1164912EC8C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABAC894C-D39E-4BB2-A968-E2F23C299A29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "64BE8C68-FE98-4162-A3D3-54494D5444F5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9615121C-4EC0-44F5-8C00-E70271CC04A2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n",
      },
   ],
   id: "CVE-2023-24548",
   lastModified: "2024-11-21T07:48:06.157",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@arista.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-29T17:15:11.790",
   references: [
      {
         source: "psirt@arista.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089",
      },
   ],
   sourceIdentifier: "psirt@arista.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "psirt@arista.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-13 20:15
Modified
2024-11-21 07:48
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "498704F8-24D4-48C9-A5CB-4A8F7054AA49",
                     versionEndIncluding: "4.23.13m",
                     versionStartIncluding: "4.23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8923F137-B1BA-49FF-A100-AD357966EE4F",
                     versionEndExcluding: "4.24.11m",
                     versionStartIncluding: "4.24.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D6EA8CE-BAA4-4B4D-8A9F-A65018FC6B3A",
                     versionEndExcluding: "4.25.10m",
                     versionStartIncluding: "4.25.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "659190E5-DFB0-4172-BD6F-1B9E22533CE5",
                     versionEndExcluding: "4.26.9m",
                     versionStartIncluding: "4.26.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "20966F67-1C70-458C-A4EF-02612345DE48",
                     versionEndExcluding: "4.27.7m",
                     versionStartIncluding: "4.27.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F57FAA3-518C-498C-9580-19A207C8F176",
                     versionEndExcluding: "4.28.4m",
                     versionStartIncluding: "4.28.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:arista:704x3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7C0C33F-72A7-41CA-A666-1CEC9F0FE02F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7304x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "65C6E0C9-7F81-4CE3-BD46-7939667E5969",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "78FE473B-CA6E-4E8D-8DBF-676B1ECBB185",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7308x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7A8ABF1-ADF4-474D-B01B-8BB271E1263E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7316x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73ECE6D6-12E5-4396-9C19-3B2E08E13147",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8862F74-E399-41EE-A081-62D99A7C1755",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F16261D-639F-4CAB-BDA6-EF3F277E663C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7504r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD1F369D-93BF-4259-99F5-97FBEF79BBA5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7508r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F35978B6-889C-47DB-971B-B2A12FF537E0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7512r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2360E039-5F12-4210-8578-7EBDA4575A6E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B0D708-B426-4CA1-BE87-08BD14B7EACE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7516r:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D45E5E5-7EB9-41E7-8EEE-570E6646EDDD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:755x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "585E3617-2B1F-4E58-853A-0E9703B91B80",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:758x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "13B1D90C-73CC-49A2-B202-B07D96226729",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A54F3D32-5A07-4791-90BF-96BD8A24C2F6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9B99200-EC76-404E-9900-5D1DC3B9A758",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A172A49-1A0E-464B-BDDD-A8F52856D595",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.",
      },
   ],
   id: "CVE-2023-24509",
   lastModified: "2024-11-21T07:48:00.993",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 6,
            source: "psirt@arista.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-13T20:15:08.843",
   references: [
      {
         source: "psirt@arista.com",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082",
      },
   ],
   sourceIdentifier: "psirt@arista.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "psirt@arista.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}