Vulnerability-Lookup

GHSA-CVXV-RH32-GJ86

Vulnerability from github – Published: 2023-04-12 21:30 – Updated: 2024-04-04 03:25

Details

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-24511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-12T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.",
  "id": "GHSA-cvxv-rh32-gj86",
  "modified": "2024-04-04T03:25:35Z",
  "published": "2023-04-12T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24511"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-24511 (GCVE-0-2023-24511)

Vulnerability from cvelistv5 – Published: 2023-04-12 00:00 – Updated: 2025-02-07 15:47

Title

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.

Summary

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-401 - Improper Release of Memory Before Removing Last Reference

Assigner

Arista

References

1 reference

URL	Tags
https://www.arista.com/en/support/advisories-noti…

Impacted products

1 product

Vendor	Product	Version
Arista Networks	EOS	Affected: 4.28.0 4.28.5.1M Affected: 4.27.0 4.27.8.1M Affected: 4.26.0 4.26.9M Affected: 4.25.0 4.25.10M Affected: 4.24.0 4.24.11M Affected: 4.29.0 , ≤ 4.29.1F (custom)

Date Public

2023-04-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T15:47:38.119400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T15:47:42.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EOS",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "4.28.0 4.28.5.1M"
            },
            {
              "status": "affected",
              "version": "4.27.0 4.27.8.1M"
            },
            {
              "status": "affected",
              "version": "4.26.0 4.26.9M"
            },
            {
              "status": "affected",
              "version": "4.25.0 4.25.10M"
            },
            {
              "status": "affected",
              "version": "4.24.0 4.24.11M"
            },
            {
              "lessThanOrEqual": "4.29.1F",
              "status": "affected",
              "version": "4.29.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "In order to be vulnerable to CVE-2023-24511, the following condition must be met:\n\nSNMP must be configured:\n"
        }
      ],
      "datePublic": "2023-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-12T00:00:00.000Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades\n\nCVE-2023-24511 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n"
        },
        {
          "lang": "en",
          "value": "The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.29.1F and below releases in the 4.29.x train\n4.28.5.1M and below releases in the 4.28.x train\n4.27.8.1M and below releases in the 4.27.x train\n4.26.9M and below releases in the 4.26.x train\n\nNote: Installing/uninstalling the SWIX will cause the snmpd process to restart\nVersion: 1.0\nURL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\nSWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\n(SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5"
        }
      ],
      "source": {
        "advisory": "84",
        "defect": [
          "751040"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.",
      "workarounds": [
        {
          "lang": "en",
          "value": "If you suspect you are encountering this issue due to malicious activity, the workaround is to enable SNMP service ACLs to only allow specific IP addresses to query SNMP (combined with anti-spoofing ACLs in the rest of the network).\n\nsnmp-server ipv4 access-list allowHosts4\nsnmp-server ipv6 access-list allowHosts6\n!\nipv6 access-list allowHosts6\n   10 permit ipv6 host \u003cipv6 address\u003e any\n!\nip access-list allowHosts4\n   10 permit ip host \u003cipv4 address\u003e any\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2023-24511",
    "datePublished": "2023-04-12T00:00:00.000Z",
    "dateReserved": "2023-01-24T00:00:00.000Z",
    "dateUpdated": "2025-02-07T15:47:42.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-CVXV-RH32-GJ86

CVE-2023-24511 (GCVE-0-2023-24511)

Tags

Sightings

Nomenclature