Vulnerabilites related to Arista Networks - EOS
cve-2023-3646
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.28.2F < Version: 4.29.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:25.757684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:44:07.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.28.5.1M ",
"status": "affected",
"version": "4.28.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring to multiple destinations must be configured:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch(config)#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSession s1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------------------\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSources:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBoth Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; Et1/1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDestination Ports:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et9/1 : active\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et10/1 : active\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example two destinations, Et9/1 and Et10/1, are configured.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring config must be added with mirror destination being ethernet port, example:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch # show running-config | section monitor\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003emonitor session APCON destination Ethernet54/1\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example the argument after destination is an Ethernet port.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: \u00a0 \u00a0 \u00a0 Et1/1\n\n\nDestination Ports:\n\n\n\u00a0 \u00a0 Et9/1 : active\n\n\u00a0 \u00a0 Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n"
}
],
"datePublic": "2023-08-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-603",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-603 Blockage"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:31:57.668Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-3646 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.6M and later releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.2F and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.2F through 4.28.5.1M releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.1F and earlier releases in the 4.29.X train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\u003c/p\u003e\u003cp\u003eTo determine which hotfix to use, run \u201c\u003cb\u003eshow version\u003c/b\u003e\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\u003c/p\u003e\u003cdiv\u003eVersion: 1.0\u003cbr\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run \u201cshow version\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n\u00a0\n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n\u00a0\n\nFor instructions on installation and verification of the hotfix patch, refer to the \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\n\n\n"
}
],
"source": {
"advisory": "88",
"defect": [
"BUG829136",
"BUG765111"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe suggestion to prevent this issue is to remove any mirroring config\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eNo sessions created\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-3646",
"datePublished": "2023-08-29T16:31:57.668Z",
"dateReserved": "2023-07-12T17:53:27.986Z",
"dateUpdated": "2024-09-30T17:44:07.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28506
Vulnerability from cvelistv5
Published
2022-01-14 19:04
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.2F < Version: 4.25.5.1M < Version: 4.25.4M < Version: 4.25.3 < Version: 4.24.7M < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.5",
"status": "affected",
"version": "4.25.5.1M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.4",
"status": "affected",
"version": "4.25.4M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.2F",
"status": "affected",
"version": "4.24.7M",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:04:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28506 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606192"
],
"discovery": "EXTERNAL"
},
"title": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.",
"workarounds": [
{
"lang": "en",
"value": "No mitigation options available"
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28506 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-01-11T22:22:00.000Z",
"ID": "CVE-2021-28506",
"STATE": "PUBLIC",
"TITLE": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.2F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.5.1M",
"version_value": "4.25.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.4M",
"version_value": "4.25.4"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.3",
"version_value": "4.25.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.24.7M",
"version_value": "4.24.2F"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28506 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606192"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "No mitigation options available"
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28506 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28506",
"datePublished": "2022-01-14T19:04:50.282050Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T22:09:48.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24548
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.25.0F < Version: 4.24.0 < Version: 4.23.0 < Version: 4.22.1F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:44.954023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:46:19.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "=4.25.0F",
"status": "affected",
"version": "4.25.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.23.14M",
"status": "affected",
"version": "4.23.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.22.13M",
"status": "affected",
"version": "4.22.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIP routing should be enabled:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSwitch\u0026gt; show running-config section ip routing\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN should be configured - a sample configuration is found below:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Loopback interface configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section loopback\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 10.0.0.1/32\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# VXLAN VTEP configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vxlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan source-interface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan udp-port 4789\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan flood vtep 10.0.0.2\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Overlay interface\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Ethernet1/1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;switchport access vlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vlan100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 1.0.0.1/24\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; vxlan vlan 100 vni 100000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evrf instance red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing vrf red\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan vrf red vni 200000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eWhether such a configuration exists can be checked as follows:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vxlan vni\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; \u0026nbsp; Interface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 802.1Q Tag\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- ------------ ----------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static \u0026nbsp; \u0026nbsp; \u0026nbsp; Ethernet1/1 \u0026nbsp; \u0026nbsp; \u0026nbsp; untagged\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Vxlan1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 100\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to dynamic VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; Source\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- --------- ------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e200000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; red \u0026nbsp; \u0026nbsp; \u0026nbsp; evpn\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVLAN Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Ports\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----- -------------------------------- --------- -------------------------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; VLAN0100 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e* VLAN1006 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show ip interface brief\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Address\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----------------- --------------------- ------------ -------------- ----------- -------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.0.0.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; unassigned \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 10168\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch\u003e show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch\u003e show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch\u003e show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch\u003e show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch\u003e show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch\u003e show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch\u003e show vlan\n\nVLAN Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n\n\nswitch\u003e show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n"
}
],
"datePublic": "2023-08-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn\u003c/span\u003e \u003cspan style=\"background-color: transparent;\"\u003eaffected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-583",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-583 Disabling Network Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:13:10.451Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2023-24548 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.0F and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.29.0F and later releases in the 4.29.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.28.0F and later releases in the 4.28.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.27.0F and later releases in the 4.27.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.26.0F and later releases in the 4.26.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.25.1F and later releases in the 4.25.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: transparent;\"\u003eNo remediation is planned for EOS software versions that are beyond their \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"\u003e\u003cspan style=\"background-color: transparent;\"\u003estandard EOS support lifecycle\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"background-color: transparent;\"\u003e (i.e. 4.22, 4.23).\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n * 4.30.0F and later releases in the 4.30.x train\n\n\n * 4.29.0F and later releases in the 4.29.x train\n\n\n * 4.28.0F and later releases in the 4.28.x train\n\n\n * 4.27.0F and later releases in the 4.27.x train\n\n\n * 4.26.0F and later releases in the 4.26.x train\n\n\n * 4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).\n"
}
],
"source": {
"advisory": "Security Advisory 89",
"defect": [
"828687"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24548",
"datePublished": "2023-08-29T16:13:10.451Z",
"dateReserved": "2023-01-26T11:37:43.827Z",
"dateUpdated": "2024-09-30T17:46:19.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28511
Vulnerability from cvelistv5
Published
2022-08-05 16:47
Modified
2024-09-16 17:15
Severity ?
EPSS score ?
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.24.0 < Version: 4.25.0 < Version: 4.26.0 < Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:31.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.24.9",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.8",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.5",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.3",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:47:29",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe fixed versions for the currently supported release trains are as follows:\n\n4.24.10 and later releases in the 4.24.x train\n4.25.9 and later releases in the 4.25.x train\n4.26.6 and later releases in the 4.26.x train\n4.27.4 and later releases in the 4.27.x train\n4.28.0 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "78",
"defect": [
"BUG",
"641088"
],
"discovery": "INTERNAL"
},
"title": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ...",
"workarounds": [
{
"lang": "en",
"value": "Configure a NAT \u201cdrop\u201d ACL rule for each security ACL \u201cdrop\u201d rule that should be applied to the interface that has NAT configured. This will prevent the packets from being translated at the expense of maintaining the configuration in two places."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-07-19T21:15:00.000Z",
"ID": "CVE-2021-28511",
"STATE": "PUBLIC",
"TITLE": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.24.0",
"version_value": "4.24.9"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.0",
"version_value": "4.25.8"
},
{
"version_affected": "\u003c=",
"version_name": "4.26.0",
"version_value": "4.26.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0",
"version_value": "4.27.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe fixed versions for the currently supported release trains are as follows:\n\n4.24.10 and later releases in the 4.24.x train\n4.25.9 and later releases in the 4.25.x train\n4.26.6 and later releases in the 4.26.x train\n4.27.4 and later releases in the 4.27.x train\n4.28.0 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "78",
"defect": [
"BUG",
"641088"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Configure a NAT \u201cdrop\u201d ACL rule for each security ACL \u201cdrop\u201d rule that should be applied to the interface that has NAT configured. This will prevent the packets from being translated at the expense of maintaining the configuration in two places."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28511",
"datePublished": "2022-08-05T16:47:31.584165Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T17:15:30.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9135
Vulnerability from cvelistv5
Published
2025-03-04 20:12
Modified
2025-03-04 20:34
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:54.371098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:34:15.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.0"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8.1",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9.1",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0"
},
{
"lessThanOrEqual": "4.27.1",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9135, the following condition must be met:\u003c/p\u003e\u003cp\u003eBGP Link State must be configured:\u003c/p\u003e\u003cpre\u003eswitch# router bgp 65544\nswitch# \u0026nbsp; address-family link-state\nswitch# \u0026nbsp; \u0026nbsp; \u0026nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u0026nbsp; Description \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Neighbor V AS \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MsgRcvd \u0026nbsp; MsgSent InQ OutQ Up/Down State \u0026nbsp; NlriRcd NlriAcc\n \n\u0026nbsp; brw363 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.0.2.9 4 65550 \u0026nbsp; \u0026nbsp; \u0026nbsp; 194222 \u0026nbsp; 125149 \u0026nbsp; 0 \u0026nbsp; 0 01:08:41 Estab \u0026nbsp; 211948 211948\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch# \u00a0 address-family link-state\nswitch# \u00a0 \u00a0 \u00a0 neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u00a0 Description \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Neighbor V AS \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MsgRcvd \u00a0 MsgSent InQ OutQ Up/Down State \u00a0 NlriRcd NlriAcc\n \n\u00a0 brw363 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 192.0.2.9 4 65550 \u00a0 \u00a0 \u00a0 194222 \u00a0 125149 \u00a0 0 \u00a0 0 01:08:41 Estab \u00a0 211948 211948\n\n\n\u00a0\n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch\u003esh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Dods from Meta\u2019s Infrastructure Security team."
}
],
"datePublic": "2025-01-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:02.025Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
],
"source": {
"advisory": "110",
"defect": [
"1006114"
],
"discovery": "UNKNOWN"
},
"title": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\u003c/p\u003e\u003cpre\u003e1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u0026gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\u0027\n3. Reload the switch or router\u003c/pre\u003e"
}
],
"value": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u003e /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u003e\u003e /mnt/flash/toggle_override\u0027\n3. Reload the switch or router"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9135",
"datePublished": "2025-03-04T20:12:02.025Z",
"dateReserved": "2024-09-23T23:03:07.318Z",
"dateUpdated": "2025-03-04T20:34:15.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28510
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.22 Version: 4.27.1 < Version: 4.26.4 < Version: 4.25.6 < Version: 4.24.8 < Version: 4.23.10 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.22"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.0",
"status": "affected",
"version": "4.24.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.23.0",
"status": "affected",
"version": "4.23.10",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28510 has been fixed in the following releases:\n4.27.2 and later releases in the 4.27.x train\n4.26.5 and later releases in the 4.26.x train\n4.25.7 and later releases in the 4.25.x train\n4.24.9 and later releases in the 4.24.x train\n4.23.11 and later releases in the 4.23.x train\n"
},
{
"lang": "en",
"value": "Hotfix\n\nThe following hotfix can be applied to remediate CVE-2021-28510\nNote: Installing/uninstalling the SWIX will cause the PTP agent to restart.\n\nVersion: 1.0\nURL:SecurityAdvisory76_CVE-2021-28510_Hotfix.swix\n\nSWIX hash: (SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437 "
}
],
"source": {
"advisory": "76",
"defect": [
"BUG",
"638107"
],
"discovery": "INTERNAL"
},
"title": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.",
"workarounds": [
{
"lang": "en",
"value": "Install ACL rules to drop PTP packets from untrusted sources. Best practice is to block access to untrusted (non-management) networks."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28510",
"datePublished": "2023-01-24T00:00:00",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-1260
Vulnerability from cvelistv5
Published
2025-03-04 19:49
Modified
2025-03-04 20:41
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:41:36.492094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:41:46.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in unexpected configuration/operations being applied to the switch.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in unexpected configuration/operations being applied to the switch."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:49:00.278Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1260",
"datePublished": "2025-03-04T19:49:00.278Z",
"dateReserved": "2025-02-12T18:10:28.745Z",
"dateUpdated": "2025-03-04T20:41:46.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24513
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:47
Severity ?
EPSS score ?
Summary
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:47:04.977700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:47:10.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.5M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.8M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.9M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24545 and CVE-2023-24513, the switch must be configured to run the Software Forwarding Engine (Sfe). Sfe is the default configuration on CloudEOS platforms. "
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24513 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n\n"
},
{
"lang": "en",
"value": "The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files. Each hotfix applies to a specific set of release trSecurityAdvisory8X_4.28_Hotfix.swixains:\n\nNote: Installing/uninstalling the SWIX will cause Sfe agent to restart and stop forwarding traffic for up to 10 seconds.\n4.29.1F and below releases in the 4.29.x Train:\nURL:SecurityAdvisory85_4.29_Hotfix.swix\nSWIX Hash:\nSHA512 (SHA-512)c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4Open with Google Docs\n4.28.5M and below releases in the 4.28.x train:\nURL:SecurityAdvisory85_4.28_Hotfix.swix\nSWIX Hash:\n(SHA-512)522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079\n4.27.8M and below releases in the 4.27.x train:\nURL:SecurityAdvisory85_4.27_Hotfix.swix\nSWIX Hash:\n(SHA-512)5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2Open with Go\n4.26.9M and below releases in the 4.26.x train:\nURL:SecurityAdvisory85_4.26_Hotfix.swix\nSWIX Hash:\n(SHA-512)9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2\n"
}
],
"source": {
"advisory": "85",
"defect": [
"764777"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...",
"workarounds": [
{
"lang": "en",
"value": "There is no mitigation / workaround for these issues."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24513",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:47:10.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8000
Vulnerability from cvelistv5
Published
2025-03-04 20:20
Modified
2025-03-04 20:33
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.
Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:23.880423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:33:37.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.4M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003e802.1X must be configured.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eThe customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eASU must have occurred ( more information about the upgrade process can be found here at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eUpgrades and Downgrades - Arista\u003c/a\u003e\u0026nbsp;). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe below example shows an example of this issue before and after ASU:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\", \u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\u003c/p\u003e\u003cp\u003eWhen ASU is performed:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cp\u003eThe above example is after ASU. Note the nasFilterRule is now only one line. \u003c/p\u003e\u003cp\u003eNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\n\n * 802.1X must be configured.\u00a0\n\n\n * The customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u00a0\n\n\n * ASU must have occurred ( more information about the upgrade process can be found here at Upgrades and Downgrades - Arista https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \u00a0). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \nThe below example shows an example of this issue before and after ASU:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\", \n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\n\u00a0\n\nThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\n\nWhen ASU is performed:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\nThe above example is after ASU. Note the nasFilterRule is now only one line. \n\nNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \u003c/p\u003e\u003cp\u003eNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:20:53.517Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e. \u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8000 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0M and above\u003c/li\u003e\u003cli\u003e4.32.5M and above releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6M and above releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and above releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades . \n\n\u00a0\n\nCVE-2024-8000 has been fixed in the following releases:\n\n * 4.33.0M and above\n * 4.32.5M and above releases in the 4.32.x train\n * 4.31.6M and above releases in the 4.31.x train\n * 4.30.9M and above releases in the 4.30.x train"
}
],
"source": {
"advisory": "109",
"defect": [
"989881"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to re-authenticate each supplicant. This can be done by running the command \u201c\u003cb\u003edot1x re-authenticate\u003c/b\u003e\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#dot1x re-authenticate\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `\u003cb\u003eshow logging\u003c/b\u003e` to show the supplicant has been successfully authenticated and `\u003cb\u003eshow ip access-lists\u003c/b\u003e` to verify the ACL is installed correctly. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u0026nbsp; \u0026nbsp;20 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 30 permit tcp any any eq 80\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 40 permit tcp any any eq 443\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 50 deny ip host 192.168.1.100\n \n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n\u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\"nasFilterRules\": [\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\n\u0026nbsp; \u0026nbsp; ],\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\u003c/pre\u003e\u003cp\u003eIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to re-authenticate each supplicant. This can be done by running the command \u201cdot1x re-authenticate\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \n\nswitch(Ethernet 1)#dot1x re-authenticate\n\n\n\u00a0\n\nAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\n\nswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\n\n\u00a0\n\nIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `show logging` to show the supplicant has been successfully authenticated and `show ip access-lists` to verify the ACL is installed correctly. \n\nswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u00a0 \u00a0 \u00a0 \u00a0 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u00a0 \u00a020 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u00a0 \u00a0 \u00a0 \u00a0 30 permit tcp any any eq 80\n\u00a0 \u00a0 \u00a0 \u00a0 40 permit tcp any any eq 443\n\u00a0 \u00a0 \u00a0 \u00a0 50 deny ip host 192.168.1.100\n \n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n\u00a0 \u00a0 \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n\u00a0 \u00a0 ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\nIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-8000",
"datePublished": "2025-03-04T20:20:53.517Z",
"dateReserved": "2024-08-19T23:25:41.372Z",
"dateUpdated": "2025-03-04T20:33:37.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28507
Vulnerability from cvelistv5
Published
2022-01-14 19:04
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.22.x Version: 4.26.2F < Version: 4.25.5.1M < Version: 4.25.4M < Version: 4.25.3 < Version: 4.24.7M < Version: 4.23.9M < Version: 4.21.x < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.22.x"
},
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.5",
"status": "affected",
"version": "4.25.5.1M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.4",
"status": "affected",
"version": "4.25.4M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.0",
"status": "affected",
"version": "4.24.7M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.23.0",
"status": "affected",
"version": "4.23.9M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.21.x",
"status": "affected",
"version": "4.21.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:04:51",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28507 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train\n4.23.10M and later releases in the 4.23.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606248"
],
"discovery": "EXTERNAL"
},
"title": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.",
"workarounds": [
{
"lang": "en",
"value": "On the affected versions, all vulnerabilities can be mitigated by disabling OpenConfig gNMI/gNOI and OpenConfig RESTCONF and TerminAttr. If use of these agents is required, a hotfix employing a proxy service can be deployed."
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28507 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-01-11T22:22:00.000Z",
"ID": "CVE-2021-28507",
"STATE": "PUBLIC",
"TITLE": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.2F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.5.1M",
"version_value": "4.25.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.4M",
"version_value": "4.25.4"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.3",
"version_value": "4.25.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.24.7M",
"version_value": "4.24.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.23.9M",
"version_value": "4.23.0"
},
{
"version_affected": "=",
"version_name": "4.22.x",
"version_value": "4.22.x"
},
{
"version_affected": "\u003c=",
"version_name": "4.21.x",
"version_value": "4.21.x"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28507 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train\n4.23.10M and later releases in the 4.23.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606248"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "On the affected versions, all vulnerabilities can be mitigated by disabling OpenConfig gNMI/gNOI and OpenConfig RESTCONF and TerminAttr. If use of these agents is required, a hotfix employing a proxy service can be deployed."
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28507 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28507",
"datePublished": "2022-01-14T19:04:51.398195Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-17T04:20:33.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28505
Vulnerability from cvelistv5
Published
2022-04-14 20:05
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.3M < Version: 4.27.0F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.3M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.0F",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T20:05:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nArtista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28505 has been fixed in the following releases:\n\n4.26.4M and later releases in the 4.26.x train\n4.27.1F and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG",
"609752"
],
"discovery": "INTERNAL"
},
"title": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.",
"workarounds": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \u003c br/\u003e If VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-03-29T21:53:00.000Z",
"ID": "CVE-2021-28505",
"STATE": "PUBLIC",
"TITLE": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.3M",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0F",
"version_value": "4.27.0"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nArtista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28505 has been fixed in the following releases:\n\n4.26.4M and later releases in the 4.26.x train\n4.27.1F and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG",
"609752"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \u003c br/\u003e If VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28505",
"datePublished": "2022-04-14T20:05:50.059934Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T16:58:06.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-7095
Vulnerability from cvelistv5
Published
2025-01-10 20:19
Modified
2025-01-14 14:33
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0F < Version: 4.31.0M < Version: 4.30.0M < Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.0 < Version: 4.25.0 < Version: 4.24.0 < Version: 4.23.0 < Version: 4.22.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:31:59.560743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:33:54.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.4M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.7M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.23.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.22.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-7095, the following conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eSNMP must be configured, and\u003c/li\u003e\u003cli\u003e\u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d must be configured\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf the necessary configurations are present, \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like below, where \u003cb\u003eTransmit message maximum size\u003c/b\u003e\u0026nbsp;will contain a number smaller than the default of 65536:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf SNMP is not configured there is no exposure to this issue and the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent disabled:\u003c/span\u003e Either no communities and no users are configured, or no VRFs are configured.\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the \u003cb\u003etransmit max-size\u003c/b\u003e\u0026nbsp;is not configured there is no exposure to this issue and even if SNMP is configured, the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eTransmit message maximum size: 65536\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-7095, the following conditions must be met:\n\n * SNMP must be configured, and\n * \u201csnmp-server transmit max-size\u201d must be configured\nIf the necessary configurations are present, show snmp\u00a0output will look something like below, where Transmit message maximum size\u00a0will contain a number smaller than the default of 65536:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\n\n\n\u00a0\n\nIf SNMP is not configured there is no exposure to this issue and the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\nSNMP agent disabled: Either no communities and no users are configured, or no VRFs are configured.\n\n\n\u00a0\n\nIf the transmit max-size\u00a0is not configured there is no exposure to this issue and even if SNMP is configured, the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536"
}
],
"datePublic": "2024-11-19T20:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with SNMP configured, if \u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "capex-130"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-401",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:19:10.234Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7095 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-7095 has been fixed in the following releases:\n\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "107",
"defect": [
"BUG974415"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable \u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u0026nbsp;configuration:\u003c/p\u003e\u003cpre\u003eno snmp-server transmit max-size\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to disable snmp-server transmit max-size\u00a0configuration:\n\nno snmp-server transmit max-size"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-7095",
"datePublished": "2025-01-10T20:19:10.234Z",
"dateReserved": "2024-07-24T22:07:44.124Z",
"dateUpdated": "2025-01-14T14:33:54.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28504
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.3F < Version: 4.27.0F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.3F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.0F",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28504 has been fixed in the following releases:\n\n4.26.4F and later releases in the 4.26.x train\n4.27.1M and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG608752"
],
"discovery": "INTERNAL"
},
"title": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...",
"workarounds": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \nIf VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28504",
"STATE": "PUBLIC",
"TITLE": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.3F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0F",
"version_value": "4.27.0"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28504 has been fixed in the following releases:\n\n4.26.4F and later releases in the 4.26.x train\n4.27.1M and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG608752"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \nIf VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28504",
"datePublished": "2022-04-01T22:17:50",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5872
Vulnerability from cvelistv5
Published
2025-01-10 20:25
Modified
2025-01-10 21:11
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0F < Version: 4.31.0M < Version: 4.30.0M < Version: 4.29.0M < Version: 4.28.1F < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5872",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T21:11:13.257737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:11:37.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.4M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.7M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.8M",
"status": "affected",
"version": "4.29.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.11F",
"status": "affected",
"version": "4.28.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\u003c/p\u003e\u003cp\u003eIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\u003c/p\u003e\u003cp\u003eTo check IPv4 L3 interface configuration:\u003c/p\u003e\u003cpre\u003eSwitch\u0026gt;show ip interface brief\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Address\nInterface \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u0026nbsp; 5.1.1.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\nManagement1 \u0026nbsp; 10.240.112.30/25 \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\nVlan4 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.1.1.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo check IPv6 L3 interface configuration:\u003c/p\u003e\u003cpre\u003eSwitch\u0026gt;show ipv6 interface brief\nInterface Status MTU IPv6 Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; 1500 fe80::d3ff:fe5f:73e9/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; link local\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;fdfd:5c41:712d::701e/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; config\nVl4 \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; 1500 fe80::d3ff:fe5f:73ea/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; link local\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;120::1/120 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; config\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eAND\u003c/div\u003e\u003cp\u003eAt least one of the following conditions (#\u2019s 1-4 below) must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eEither IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIP Routing : Disabled\u003c/span\u003e\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Unicast Routing : Disabled\u003c/span\u003e\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eFor packets with TTL of 0 or 1, all IP configurations are vulnerable.\u003cbr\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eUnicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIP Routing : Enabled\nIP Multicast Routing : Enabled\u003c/span\u003e\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\u003cbr\u003e\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u0026nbsp; \u0026nbsp;ip address 4.1.1.1/24\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003epim ipv4 sparse-mode\u003c/span\u003e\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eUnicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Multicast Routing : Enabled\u003c/span\u003e\nIPv6 Interfaces Forwarding : None\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Unicast Routing : Enabled\u003c/span\u003e\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u0026nbsp; \u0026nbsp;ipv6 address 120::1/120\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003epim ipv6 sparse-mode\u003c/span\u003e\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\n\nIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\n\nTo check IPv4 L3 interface configuration:\n\nSwitch\u003eshow ip interface brief\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Address\nInterface \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Protocol \u00a0 \u00a0 MTU \u00a0 Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u00a0 5.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nManagement1 \u00a0 10.240.112.30/25 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nVlan4 \u00a0 \u00a0 \u00a0 \u00a0 4.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\n\n\n\u00a0\n\nTo check IPv6 L3 interface configuration:\n\nSwitch\u003eshow ipv6 interface brief\nInterface Status MTU IPv6 Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73e9/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0fdfd:5c41:712d::701e/64 up \u00a0 \u00a0 \u00a0 \u00a0 config\nVl4 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73ea/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0120::1/120 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 config\n\n\n\u00a0\n\nAND\n\nAt least one of the following conditions (#\u2019s 1-4 below) must be met:\n\n * Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\nSwitch\u003eshow ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Disabled\n\n\n\nOR\n\n * For packets with TTL of 0 or 1, all IP configurations are vulnerable.\n\u00a0\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\nSwitch\u003eshow ip\n \nIP Routing : Enabled\nIP Multicast Routing : Enabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\n\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ip address 4.1.1.1/24\n\u00a0 \u00a0pim ipv4 sparse-mode\n\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\nSwitch\u003eshow ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Enabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Enabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ipv6 address 120::1/120\n\u00a0 \u00a0pim ipv6 sparse-mode"
}
],
"datePublic": "2024-11-19T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."
}
],
"value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-346",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:25:53.860Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-5872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.9M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.12M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-5872 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train\n * 4.29.9M and later releases in the 4.29.x train\n * 4.28.12M and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "106",
"defect": [
"BUG 884202"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no workaround."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-5872",
"datePublished": "2025-01-10T20:25:53.860Z",
"dateReserved": "2024-06-11T15:41:47.035Z",
"dateUpdated": "2025-01-10T21:11:37.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24511
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:47
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.28.0 4.28.5.1M Version: 4.27.0 4.27.8.1M Version: 4.26.0 4.26.9M Version: 4.25.0 4.25.10M Version: 4.24.0 4.24.11M Version: 4.29.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:47:38.119400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:47:42.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.28.0 4.28.5.1M"
},
{
"status": "affected",
"version": "4.27.0 4.27.8.1M"
},
{
"status": "affected",
"version": "4.26.0 4.26.9M"
},
{
"status": "affected",
"version": "4.25.0 4.25.10M"
},
{
"status": "affected",
"version": "4.24.0 4.24.11M"
},
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24511, the following condition must be met:\n\nSNMP must be configured:\n"
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades\n\nCVE-2023-24511 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n"
},
{
"lang": "en",
"value": "The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.29.1F and below releases in the 4.29.x train\n4.28.5.1M and below releases in the 4.28.x train\n4.27.8.1M and below releases in the 4.27.x train\n4.26.9M and below releases in the 4.26.x train\n\nNote: Installing/uninstalling the SWIX will cause the snmpd process to restart\nVersion: 1.0\nURL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\nSWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\n(SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5"
}
],
"source": {
"advisory": "84",
"defect": [
"751040"
],
"discovery": "EXTERNAL"
},
"title": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.",
"workarounds": [
{
"lang": "en",
"value": "If you suspect you are encountering this issue due to malicious activity, the workaround is to enable SNMP service ACLs to only allow specific IP addresses to query SNMP (combined with anti-spoofing ACLs in the rest of the network).\n\nsnmp-server ipv4 access-list allowHosts4\nsnmp-server ipv6 access-list allowHosts6\n!\nipv6 access-list allowHosts6\n 10 permit ipv6 host \u003cipv6 address\u003e any\n!\nip access-list allowHosts4\n 10 permit ip host \u003cipv4 address\u003e any\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24511",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:47:42.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24545
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:50
Severity ?
EPSS score ?
Summary
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.8M < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:17.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:50:36.827968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:50:41.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.4M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.7M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.8M",
"status": "affected",
"version": "4.26.8M",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24545 and CVE-2023-24513, the switch must be configured to run the Software Forwarding Engine (Sfe). Sfe is the default configuration on CloudEOS platforms. "
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24545 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.5M and later releases in the 4.28.x train\n4.27.8M and later releases in the 4.27.x train\n4.26.9M and later releases in the 4.26.x train\n"
},
{
"lang": "en",
"value": "The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files. Each hotfix applies to a specific set of release trSecurityAdvisory8X_4.28_Hotfix.swixains:\n\nNote: Installing/uninstalling the SWIX will cause Sfe agent to restart and stop forwarding traffic for up to 10 seconds.\n4.29.1F and below releases in the 4.29.x Train:\nURL:SecurityAdvisory85_4.29_Hotfix.swix\nSWIX Hash:\nSHA512 (SHA-512)c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4Open with Google Docs\n4.28.5M and below releases in the 4.28.x train:\nURL:SecurityAdvisory85_4.28_Hotfix.swix\nSWIX Hash:\n(SHA-512)522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079\n4.27.8M and below releases in the 4.27.x train:\nURL:SecurityAdvisory85_4.27_Hotfix.swix\nSWIX Hash:\n(SHA-512)5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2Open with Go\n4.26.9M and below releases in the 4.26.x train:\nURL:SecurityAdvisory85_4.26_Hotfix.swix\nSWIX Hash:\n(SHA-512)9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2\n"
}
],
"source": {
"advisory": "85",
"defect": [
"743423"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.",
"workarounds": [
{
"lang": "en",
"value": "There is no mitigation / workaround for these issues."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24545",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-26T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:50:41.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-1259
Vulnerability from cvelistv5
Published
2025-03-04 19:44
Modified
2025-03-04 20:12
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:12:13.556121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:25.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in users retrieving data that should not have been available\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in users retrieving data that should not have been available"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:44:34.221Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\u003c/p\u003e\u003cp\u003eFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u0026nbsp;\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\n\nFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1259",
"datePublished": "2025-03-04T19:44:34.221Z",
"dateReserved": "2025-02-12T18:10:26.386Z",
"dateUpdated": "2025-03-04T20:12:25.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}