cve-2024-7095
Vulnerability from cvelistv5
Published
2025-01-10 20:19
Modified
2025-01-14 14:33
Severity ?
EPSS score ?
Summary
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista Networks | EOS |
Version: 4.32.0F < Version: 4.31.0M < Version: 4.30.0M < Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.0 < Version: 4.25.0 < Version: 4.24.0 < Version: 4.23.0 < Version: 4.22.0 < |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:31:59.560743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:33:54.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.4M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.7M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.23.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.22.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-7095, the following conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eSNMP must be configured, and\u003c/li\u003e\u003cli\u003e\u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d must be configured\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf the necessary configurations are present, \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like below, where \u003cb\u003eTransmit message maximum size\u003c/b\u003e\u0026nbsp;will contain a number smaller than the default of 65536:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf SNMP is not configured there is no exposure to this issue and the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent disabled:\u003c/span\u003e Either no communities and no users are configured, or no VRFs are configured.\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the \u003cb\u003etransmit max-size\u003c/b\u003e\u0026nbsp;is not configured there is no exposure to this issue and even if SNMP is configured, the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eTransmit message maximum size: 65536\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-7095, the following conditions must be met:\n\n * SNMP must be configured, and\n * \u201csnmp-server transmit max-size\u201d must be configured\nIf the necessary configurations are present, show snmp\u00a0output will look something like below, where Transmit message maximum size\u00a0will contain a number smaller than the default of 65536:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\n\n\n\u00a0\n\nIf SNMP is not configured there is no exposure to this issue and the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\nSNMP agent disabled: Either no communities and no users are configured, or no VRFs are configured.\n\n\n\u00a0\n\nIf the transmit max-size\u00a0is not configured there is no exposure to this issue and even if SNMP is configured, the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536"
}
],
"datePublic": "2024-11-19T20:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with SNMP configured, if \u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "capex-130"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-401",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:19:10.234Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7095 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-7095 has been fixed in the following releases:\n\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "107",
"defect": [
"BUG974415"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable \u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u0026nbsp;configuration:\u003c/p\u003e\u003cpre\u003eno snmp-server transmit max-size\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to disable snmp-server transmit max-size\u00a0configuration:\n\nno snmp-server transmit max-size"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-7095",
"datePublished": "2025-01-10T20:19:10.234Z",
"dateReserved": "2024-07-24T22:07:44.124Z",
"dateUpdated": "2025-01-14T14:33:54.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"On affected platforms running Arista EOS with SNMP configured, if \\u201csnmp-server transmit max-size\\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\"}]",
"id": "CVE-2024-7095",
"lastModified": "2025-01-10T21:15:13.570",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@arista.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2025-01-10T21:15:13.570",
"references": "[{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107\", \"source\": \"psirt@arista.com\"}]",
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Received"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-7095\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2025-01-10T21:15:13.570\",\"lastModified\":\"2025-01-14T15:15:27.263\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\"},{\"lang\":\"es\",\"value\":\"En las plataformas afectadas que ejecutan Arista EOS con SNMP configurado, si se configura \u201csnmp-server transmit max-size\u201d, en algunas circunstancias, un paquete especialmente manipulado puede provocar que el proceso snmpd pierda memoria. Esto puede provocar la finalizaci\u00f3n del proceso snmpd (lo que hace que las solicitudes SNMP se agoten hasta que se reinicie snmpd) y la presi\u00f3n de memoria para otros procesos en el conmutador. El aumento de la presi\u00f3n de memoria tambi\u00e9n puede provocar que otros procesos adem\u00e1s de snmpd corran el riesgo de una finalizaci\u00f3n inesperada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107\",\"source\":\"psirt@arista.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7095\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-14T14:31:59.560743Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T14:32:11.881Z\"}}], \"cna\": {\"title\": \"On affected platforms running Arista EOS with SNMP configured, if \\u201csnmp-server transmit max-size\\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term\", \"source\": {\"defect\": [\"BUG974415\"], \"advisory\": \"107\", \"discovery\": \"INTERNAL\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"capex-130\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"EOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.32.0F\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.32.2F\"}, {\"status\": \"affected\", \"version\": \"4.31.0M\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.31.4M\"}, {\"status\": \"affected\", \"version\": \"4.30.0M\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.30.7M\"}, {\"status\": \"affected\", \"version\": \"4.29.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.28.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.27.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.26.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.25.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.24.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.23.0\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.22.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \\n\\n\\u00a0\\n\\nCVE-2024-7095 has been fixed in the following releases:\\n\\n * 4.32.3M and later releases in the 4.32.x train\\n * 4.31.5M and later releases in the 4.31.x train\\n * 4.30.8M and later releases in the 4.30.x train\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\\\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7095 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-11-19T20:08:00.000Z\", \"references\": [{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The workaround is to disable snmp-server transmit max-size\\u00a0configuration:\\n\\nno snmp-server transmit max-size\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe workaround is to disable \u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u0026nbsp;configuration:\u003c/p\u003e\u003cpre\u003eno snmp-server transmit max-size\u003c/pre\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On affected platforms running Arista EOS with SNMP configured, if \\u201csnmp-server transmit max-size\\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eOn affected platforms running Arista EOS with SNMP configured, if \\u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"cwe-401\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In order to be vulnerable to CVE-2024-7095, the following conditions must be met:\\n\\n * SNMP must be configured, and\\n * \\u201csnmp-server transmit max-size\\u201d must be configured\\nIf the necessary configurations are present, show snmp\\u00a0output will look something like below, where Transmit message maximum size\\u00a0will contain a number smaller than the default of 65536:\\n\\nswitch\u003eshow snmp\\nChassis: None\\n0 SNMP packets input\\n\\u00a0 \\u00a0 0 Bad SNMP version errors\\n\\u00a0 \\u00a0 0 Unknown community name\\n\\u00a0 \\u00a0 0 Illegal operation for community name supplied\\n\\u00a0 \\u00a0 0 Encoding errors\\n\\u00a0 \\u00a0 0 Number of requested variables\\n\\u00a0 \\u00a0 0 Number of altered variables\\n\\u00a0 \\u00a0 0 Get-request PDUs\\n\\u00a0 \\u00a0 0 Get-next PDUs\\n\\u00a0 \\u00a0 0 Set-request PDUs\\n0 SNMP packets output\\n\\u00a0 \\u00a0 0 Too big errors\\n\\u00a0 \\u00a0 0 No such name errors\\n\\u00a0 \\u00a0 0 Bad value errors\\n\\u00a0 \\u00a0 0 General errors\\n\\u00a0 \\u00a0 0 Response PDUs\\n\\u00a0 \\u00a0 0 Trap PDUs\\n\\u00a0 \\u00a0 0 Trap drops\\nAccess Control\\n\\u00a0 \\u00a0 0 Users\\n\\u00a0 \\u00a0 0 Groups\\n\\u00a0 \\u00a0 0 Views\\nSNMP logging: disabled\\nSNMP agent enabled in VRFs: default\\nTransmit message maximum size: 1500\\n\\n\\n\\u00a0\\n\\nIf SNMP is not configured there is no exposure to this issue and the show snmp\\u00a0output will look something like:\\n\\nswitch\u003eshow snmp\\nChassis: XXXXXXXXXXX\\nSNMP agent enabled in VRFs: default\\nTransmit message maximum size: 65536\\nSNMP agent disabled: Either no communities and no users are configured, or no VRFs are configured.\\n\\n\\n\\u00a0\\n\\nIf the transmit max-size\\u00a0is not configured there is no exposure to this issue and even if SNMP is configured, the show snmp\\u00a0output will look something like:\\n\\nswitch\u003eshow snmp\\nChassis: None\\n0 SNMP packets input\\n\\u00a0 \\u00a0 0 Bad SNMP version errors\\n\\u00a0 \\u00a0 0 Unknown community name\\n\\u00a0 \\u00a0 0 Illegal operation for community name supplied\\n\\u00a0 \\u00a0 0 Encoding errors\\n\\u00a0 \\u00a0 0 Number of requested variables\\n\\u00a0 \\u00a0 0 Number of altered variables\\n\\u00a0 \\u00a0 0 Get-request PDUs\\n\\u00a0 \\u00a0 0 Get-next PDUs\\n\\u00a0 \\u00a0 0 Set-request PDUs\\n0 SNMP packets output\\n\\u00a0 \\u00a0 0 Too big errors\\n\\u00a0 \\u00a0 0 No such name errors\\n\\u00a0 \\u00a0 0 Bad value errors\\n\\u00a0 \\u00a0 0 General errors\\n\\u00a0 \\u00a0 0 Response PDUs\\n\\u00a0 \\u00a0 0 Trap PDUs\\n\\u00a0 \\u00a0 0 Trap drops\\nAccess Control\\n\\u00a0 \\u00a0 0 Users\\n\\u00a0 \\u00a0 0 Groups\\n\\u00a0 \\u00a0 0 Views\\nSNMP logging: disabled\\nSNMP agent enabled in VRFs: default\\nTransmit message maximum size: 65536\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn order to be vulnerable to CVE-2024-7095, the following conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eSNMP must be configured, and\u003c/li\u003e\u003cli\u003e\\u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\\u201d must be configured\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf the necessary configurations are present, \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like below, where \u003cb\u003eTransmit message maximum size\u003c/b\u003e\u0026nbsp;will contain a number smaller than the default of 65536:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\\nChassis: None\\n0 SNMP packets input\\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\\n0 SNMP packets output\\n\u0026nbsp; \u0026nbsp; 0 Too big errors\\n\u0026nbsp; \u0026nbsp; 0 No such name errors\\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\\n\u0026nbsp; \u0026nbsp; 0 General errors\\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\\n\u0026nbsp; \u0026nbsp; 0 Trap drops\\nAccess Control\\n\u0026nbsp; \u0026nbsp; 0 Users\\n\u0026nbsp; \u0026nbsp; 0 Groups\\n\u0026nbsp; \u0026nbsp; 0 Views\\nSNMP logging: disabled\\n\u003cspan style=\\\"background-color: rgb(255, 255, 0);\\\"\u003eSNMP agent enabled in VRFs: default\\nTransmit message maximum size: 1500\u003c/span\u003e\\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf SNMP is not configured there is no exposure to this issue and the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\\nChassis: XXXXXXXXXXX\\nSNMP agent enabled in VRFs: default\\nTransmit message maximum size: 65536\\n\u003cspan style=\\\"background-color: rgb(255, 255, 0);\\\"\u003eSNMP agent disabled:\u003c/span\u003e Either no communities and no users are configured, or no VRFs are configured.\\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the \u003cb\u003etransmit max-size\u003c/b\u003e\u0026nbsp;is not configured there is no exposure to this issue and even if SNMP is configured, the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\\nChassis: None\\n0 SNMP packets input\\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\\n0 SNMP packets output\\n\u0026nbsp; \u0026nbsp; 0 Too big errors\\n\u0026nbsp; \u0026nbsp; 0 No such name errors\\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\\n\u0026nbsp; \u0026nbsp; 0 General errors\\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\\n\u0026nbsp; \u0026nbsp; 0 Trap drops\\nAccess Control\\n\u0026nbsp; \u0026nbsp; 0 Users\\n\u0026nbsp; \u0026nbsp; 0 Groups\\n\u0026nbsp; \u0026nbsp; 0 Views\\nSNMP logging: disabled\\nSNMP agent enabled in VRFs: default\\n\u003cspan style=\\\"background-color: rgb(255, 255, 0);\\\"\u003eTransmit message maximum size: 65536\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2025-01-10T20:19:10.234Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-7095\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-14T14:33:54.850Z\", \"dateReserved\": \"2024-07-24T22:07:44.124Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2025-01-10T20:19:10.234Z\", \"assignerShortName\": \"Arista\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.