FKIE_CVE-2023-24509

Vulnerability from fkie_nvd - Published: 2023-04-13 20:15 - Updated: 2024-11-21 07:48
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
References
psirt@arista.comhttps://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082Exploit, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082Exploit, Mitigation, Vendor Advisory
Impacted products
Vendor Product Version
arista eos *
arista eos *
arista eos *
arista eos *
arista eos *
arista eos *
arista 704x3 -
arista 7304x -
arista 7304x3 -
arista 7308x -
arista 7316x -
arista 7324x -
arista 7328x -
arista 7504r -
arista 7504r3 -
arista 7508r -
arista 7508r3 -
arista 7512r -
arista 7512r3 -
arista 7516r -
arista 755x -
arista 758x -
arista 7804r3 -
arista 7808r3 -
arista 7812r3 -
arista 7816r3 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "498704F8-24D4-48C9-A5CB-4A8F7054AA49",
              "versionEndIncluding": "4.23.13m",
              "versionStartIncluding": "4.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8923F137-B1BA-49FF-A100-AD357966EE4F",
              "versionEndExcluding": "4.24.11m",
              "versionStartIncluding": "4.24.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6EA8CE-BAA4-4B4D-8A9F-A65018FC6B3A",
              "versionEndExcluding": "4.25.10m",
              "versionStartIncluding": "4.25.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "659190E5-DFB0-4172-BD6F-1B9E22533CE5",
              "versionEndExcluding": "4.26.9m",
              "versionStartIncluding": "4.26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20966F67-1C70-458C-A4EF-02612345DE48",
              "versionEndExcluding": "4.27.7m",
              "versionStartIncluding": "4.27.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F57FAA3-518C-498C-9580-19A207C8F176",
              "versionEndExcluding": "4.28.4m",
              "versionStartIncluding": "4.28.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arista:704x3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7C0C33F-72A7-41CA-A666-1CEC9F0FE02F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7304x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C6E0C9-7F81-4CE3-BD46-7939667E5969",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78FE473B-CA6E-4E8D-8DBF-676B1ECBB185",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7308x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A8ABF1-ADF4-474D-B01B-8BB271E1263E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7316x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73ECE6D6-12E5-4396-9C19-3B2E08E13147",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8862F74-E399-41EE-A081-62D99A7C1755",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F16261D-639F-4CAB-BDA6-EF3F277E663C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7504r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1F369D-93BF-4259-99F5-97FBEF79BBA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7508r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F35978B6-889C-47DB-971B-B2A12FF537E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7512r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2360E039-5F12-4210-8578-7EBDA4575A6E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7516r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D45E5E5-7EB9-41E7-8EEE-570E6646EDDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:755x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "585E3617-2B1F-4E58-853A-0E9703B91B80",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:758x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13B1D90C-73CC-49A2-B202-B07D96226729",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54F3D32-5A07-4791-90BF-96BD8A24C2F6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability."
    }
  ],
  "id": "CVE-2023-24509",
  "lastModified": "2024-11-21T07:48:00.993",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "psirt@arista.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-13T20:15:08.843",
  "references": [
    {
      "source": "psirt@arista.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082"
    }
  ],
  "sourceIdentifier": "psirt@arista.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "psirt@arista.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.