Vulnerabilites related to Arista Networks - EOS
CVE-2023-3646 (GCVE-0-2023-3646)
Vulnerability from cvelistv5
Published
2023-08-29 16:31
Modified
2024-09-30 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.28.2F < Version: 4.29.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:25.757684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:44:07.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.28.5.1M ",
"status": "affected",
"version": "4.28.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring to multiple destinations must be configured:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch(config)#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSession s1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------------------\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSources:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBoth Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; Et1/1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDestination Ports:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et9/1 : active\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et10/1 : active\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example two destinations, Et9/1 and Et10/1, are configured.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring config must be added with mirror destination being ethernet port, example:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch # show running-config | section monitor\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003emonitor session APCON destination Ethernet54/1\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example the argument after destination is an Ethernet port.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: \u00a0 \u00a0 \u00a0 Et1/1\n\n\nDestination Ports:\n\n\n\u00a0 \u00a0 Et9/1 : active\n\n\u00a0 \u00a0 Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n"
}
],
"datePublic": "2023-08-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-603",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-603 Blockage"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:31:57.668Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-3646 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.6M and later releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.2F and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.2F through 4.28.5.1M releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.1F and earlier releases in the 4.29.X train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\u003c/p\u003e\u003cp\u003eTo determine which hotfix to use, run \u201c\u003cb\u003eshow version\u003c/b\u003e\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\u003c/p\u003e\u003cdiv\u003eVersion: 1.0\u003cbr\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run \u201cshow version\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n\u00a0\n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n\u00a0\n\nFor instructions on installation and verification of the hotfix patch, refer to the \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\n\n\n"
}
],
"source": {
"advisory": "88",
"defect": [
"BUG829136",
"BUG765111"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe suggestion to prevent this issue is to remove any mirroring config\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eNo sessions created\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-3646",
"datePublished": "2023-08-29T16:31:57.668Z",
"dateReserved": "2023-07-12T17:53:27.986Z",
"dateUpdated": "2024-09-30T17:44:07.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24513 (GCVE-0-2023-24513)
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-126 - Buffer Over-read
Summary
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:47:04.977700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:47:10.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.5M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.8M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.9M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24545 and CVE-2023-24513, the switch must be configured to run the Software Forwarding Engine (Sfe). Sfe is the default configuration on CloudEOS platforms. "
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24513 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n\n"
},
{
"lang": "en",
"value": "The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files. Each hotfix applies to a specific set of release trSecurityAdvisory8X_4.28_Hotfix.swixains:\n\nNote: Installing/uninstalling the SWIX will cause Sfe agent to restart and stop forwarding traffic for up to 10 seconds.\n4.29.1F and below releases in the 4.29.x Train:\nURL:SecurityAdvisory85_4.29_Hotfix.swix\nSWIX Hash:\nSHA512 (SHA-512)c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4Open with Google Docs\n4.28.5M and below releases in the 4.28.x train:\nURL:SecurityAdvisory85_4.28_Hotfix.swix\nSWIX Hash:\n(SHA-512)522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079\n4.27.8M and below releases in the 4.27.x train:\nURL:SecurityAdvisory85_4.27_Hotfix.swix\nSWIX Hash:\n(SHA-512)5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2Open with Go\n4.26.9M and below releases in the 4.26.x train:\nURL:SecurityAdvisory85_4.26_Hotfix.swix\nSWIX Hash:\n(SHA-512)9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2\n"
}
],
"source": {
"advisory": "85",
"defect": [
"764777"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...",
"workarounds": [
{
"lang": "en",
"value": "There is no mitigation / workaround for these issues."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24513",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:47:10.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2826 (GCVE-0-2025-2826)
Vulnerability from cvelistv5
Published
2025-05-27 22:22
Modified
2025-05-28 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped and,
* Packets which should be dropped may be permitted.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.2F < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:33:59.901353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:08.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.2F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPV4 ACL ipv4ACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eMAC ACL macAcl\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eStandard IPV6 ACL ipv6StandardACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et21/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et21/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nIPV4 ACL ipv4ACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\nMAC ACL macAcl\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nStandard IPV6 ACL ipv6StandardACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et21/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et21/1\n\n\n\u00a0\n\nIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003en affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\u003c/p\u003e\u003col\u003e\u003cli\u003ePackets which should be permitted may be dropped and,\u003c/li\u003e\u003cli\u003ePackets which should be dropped may be permitted.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\n\n * Packets which should be permitted may be dropped and,\n * Packets which should be dropped may be permitted."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:22:51.717Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-2826 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2.1F, 4.33.3F and later releases in the 4.33.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-2826 has been fixed in the following releases:\n\n * 4.33.2.1F, 4.33.3F and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA120",
"defect": [
"BUG 795398"
],
"discovery": "INTERNAL"
},
"title": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-2826",
"datePublished": "2025-05-27T22:22:51.717Z",
"dateReserved": "2025-03-26T16:02:22.894Z",
"dateUpdated": "2025-05-28T13:34:08.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28504 (GCVE-0-2021-28504)
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.3F < Version: 4.27.0F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.3F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.0F",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T22:17:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28504 has been fixed in the following releases:\n\n4.26.4F and later releases in the 4.26.x train\n4.27.1M and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG608752"
],
"discovery": "INTERNAL"
},
"title": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...",
"workarounds": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \nIf VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28504",
"STATE": "PUBLIC",
"TITLE": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.3F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0F",
"version_value": "4.27.0"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Arista Strata family products which have \u201cTCAM profile\u201d feature enabled when Port IPv4 access-list has a rule which matches on \u201cvxlan\u201d as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28504 has been fixed in the following releases:\n\n4.26.4F and later releases in the 4.26.x train\n4.27.1M and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG608752"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \nIf VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28504",
"datePublished": "2022-04-01T22:17:50",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28506 (GCVE-0-2021-28506)
Vulnerability from cvelistv5
Published
2022-01-14 19:04
Modified
2024-09-16 22:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.2F < Version: 4.25.5.1M < Version: 4.25.4M < Version: 4.25.3 < Version: 4.24.7M < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.5",
"status": "affected",
"version": "4.25.5.1M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.4",
"status": "affected",
"version": "4.25.4M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.2F",
"status": "affected",
"version": "4.24.7M",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:04:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28506 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606192"
],
"discovery": "EXTERNAL"
},
"title": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.",
"workarounds": [
{
"lang": "en",
"value": "No mitigation options available"
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28506 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-01-11T22:22:00.000Z",
"ID": "CVE-2021-28506",
"STATE": "PUBLIC",
"TITLE": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.2F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.5.1M",
"version_value": "4.25.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.4M",
"version_value": "4.25.4"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.3",
"version_value": "4.25.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.24.7M",
"version_value": "4.24.2F"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28506 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606192"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "No mitigation options available"
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28506 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28506",
"datePublished": "2022-01-14T19:04:50.282050Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T22:09:48.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9448 (GCVE-0-2024-9448)
Vulnerability from cvelistv5
Published
2025-05-08 19:14
Modified
2025-05-08 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:28:16.811276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:29:47.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.0"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9448, the following condition must be met:\u003c/p\u003e\u003cdiv\u003eA Traffic Policy must be configured:\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show traffic-policy vlan\nTraffic policy myPolicy\n\u0026nbsp; \u0026nbsp;Configured on VLANs: 42, 43\n\u0026nbsp; \u0026nbsp;Applied on VLANs for IPv4 traffic: 42, 43\n\u0026nbsp; \u0026nbsp;Applied on VLANs for IPv6 traffic: 42, 43\n\u0026nbsp; \u0026nbsp;Total number of rules configured: 4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match anIpv4Rule ipv4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActions: Drop\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match anIpv6Rule ipv6\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActions: Drop\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match ipv4-all-default ipv4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match ipv6-all-default ipv6\nswitch\u0026gt;\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf a Traffic Policy is not configured there is no exposure to this issue and the message will look something like:\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show traffic-policy vlan \nswitch\u0026gt;\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9448, the following condition must be met:\n\nA Traffic Policy must be configured:\n\n\u00a0\n\nswitch\u003eshow traffic-policy vlan\nTraffic policy myPolicy\n\u00a0 \u00a0Configured on VLANs: 42, 43\n\u00a0 \u00a0Applied on VLANs for IPv4 traffic: 42, 43\n\u00a0 \u00a0Applied on VLANs for IPv6 traffic: 42, 43\n\u00a0 \u00a0Total number of rules configured: 4\n\u00a0 \u00a0 \u00a0 match anIpv4Rule ipv4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Actions: Drop\n\u00a0 \u00a0 \u00a0 match anIpv6Rule ipv6\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Actions: Drop\n\u00a0 \u00a0 \u00a0 match ipv4-all-default ipv4\n\u00a0 \u00a0 \u00a0 match ipv6-all-default ipv6\nswitch\u003e\n\n\n\u00a0\n\nIf a Traffic Policy is not configured there is no exposure to this issue and the message will look something like:\n\n\u00a0\n\nswitch\u003eshow traffic-policy vlan \nswitch\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations."
}
],
"impacts": [
{
"capecId": "CAPEC-200",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-200 Removal of filters: Input filters, output filters, data masking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:14:00.226Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21121-security-advisory-0112"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-9448 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.1F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-9448 has been fixed in the following releases:\n\n * 4.33.1F and later releases in the 4.33.x train\n * 4.32.4M and later releases in the 4.32.x train\n * 4.31.6M and later releases in the 4.31.x train\n * 4.30.9M and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "112",
"defect": [
"BUG 992963"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no mitigation other than to not use the Traffic Policy feature where it would be expected to match on receipt of untagged packets.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no mitigation other than to not use the Traffic Policy feature where it would be expected to match on receipt of untagged packets."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9448",
"datePublished": "2025-05-08T19:14:00.226Z",
"dateReserved": "2024-10-02T20:39:01.319Z",
"dateUpdated": "2025-05-08T19:29:47.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24511 (GCVE-0-2023-24511)
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Improper Release of Memory Before Removing Last Reference
Summary
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.28.0 4.28.5.1M Version: 4.27.0 4.27.8.1M Version: 4.26.0 4.26.9M Version: 4.25.0 4.25.10M Version: 4.24.0 4.24.11M Version: 4.29.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:47:38.119400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:47:42.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.28.0 4.28.5.1M"
},
{
"status": "affected",
"version": "4.27.0 4.27.8.1M"
},
{
"status": "affected",
"version": "4.26.0 4.26.9M"
},
{
"status": "affected",
"version": "4.25.0 4.25.10M"
},
{
"status": "affected",
"version": "4.24.0 4.24.11M"
},
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24511, the following condition must be met:\n\nSNMP must be configured:\n"
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades\n\nCVE-2023-24511 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n"
},
{
"lang": "en",
"value": "The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.29.1F and below releases in the 4.29.x train\n4.28.5.1M and below releases in the 4.28.x train\n4.27.8.1M and below releases in the 4.27.x train\n4.26.9M and below releases in the 4.26.x train\n\nNote: Installing/uninstalling the SWIX will cause the snmpd process to restart\nVersion: 1.0\nURL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\nSWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\n(SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5"
}
],
"source": {
"advisory": "84",
"defect": [
"751040"
],
"discovery": "EXTERNAL"
},
"title": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.",
"workarounds": [
{
"lang": "en",
"value": "If you suspect you are encountering this issue due to malicious activity, the workaround is to enable SNMP service ACLs to only allow specific IP addresses to query SNMP (combined with anti-spoofing ACLs in the rest of the network).\n\nsnmp-server ipv4 access-list allowHosts4\nsnmp-server ipv6 access-list allowHosts6\n!\nipv6 access-list allowHosts6\n 10 permit ipv6 host \u003cipv6 address\u003e any\n!\nip access-list allowHosts4\n 10 permit ip host \u003cipv4 address\u003e any\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24511",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-24T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:47:42.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5872 (GCVE-0-2024-5872)
Vulnerability from cvelistv5
Published
2025-01-10 20:25
Modified
2025-01-10 21:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-346
Summary
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0F < Version: 4.31.0M < Version: 4.30.0M < Version: 4.29.0M < Version: 4.28.1F < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5872",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T21:11:13.257737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:11:37.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.4M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.7M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.8M",
"status": "affected",
"version": "4.29.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.11F",
"status": "affected",
"version": "4.28.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\u003c/p\u003e\u003cp\u003eIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\u003c/p\u003e\u003cp\u003eTo check IPv4 L3 interface configuration:\u003c/p\u003e\u003cpre\u003eSwitch\u0026gt;show ip interface brief\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Address\nInterface \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u0026nbsp; 5.1.1.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\nManagement1 \u0026nbsp; 10.240.112.30/25 \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\nVlan4 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 4.1.1.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo check IPv6 L3 interface configuration:\u003c/p\u003e\u003cpre\u003eSwitch\u0026gt;show ipv6 interface brief\nInterface Status MTU IPv6 Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; 1500 fe80::d3ff:fe5f:73e9/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; link local\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;fdfd:5c41:712d::701e/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; config\nVl4 \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; 1500 fe80::d3ff:fe5f:73ea/64 up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; link local\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;120::1/120 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; config\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eAND\u003c/div\u003e\u003cp\u003eAt least one of the following conditions (#\u2019s 1-4 below) must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eEither IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIP Routing : Disabled\u003c/span\u003e\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Unicast Routing : Disabled\u003c/span\u003e\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eFor packets with TTL of 0 or 1, all IP configurations are vulnerable.\u003cbr\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eUnicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIP Routing : Enabled\nIP Multicast Routing : Enabled\u003c/span\u003e\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\u003cbr\u003e\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u0026nbsp; \u0026nbsp;ip address 4.1.1.1/24\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003epim ipv4 sparse-mode\u003c/span\u003e\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR\u003c/div\u003e\u003col\u003e\u003cli\u003eUnicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\u003cbr\u003e\u003cpre\u003eSwitch\u0026gt;show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Multicast Routing : Enabled\u003c/span\u003e\nIPv6 Interfaces Forwarding : None\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPv6 Unicast Routing : Enabled\u003c/span\u003e\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u0026nbsp; \u0026nbsp;ipv6 address 120::1/120\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003epim ipv6 sparse-mode\u003c/span\u003e\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\n\nIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\n\nTo check IPv4 L3 interface configuration:\n\nSwitch\u003eshow ip interface brief\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Address\nInterface \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Protocol \u00a0 \u00a0 MTU \u00a0 Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u00a0 5.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nManagement1 \u00a0 10.240.112.30/25 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nVlan4 \u00a0 \u00a0 \u00a0 \u00a0 4.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\n\n\n\u00a0\n\nTo check IPv6 L3 interface configuration:\n\nSwitch\u003eshow ipv6 interface brief\nInterface Status MTU IPv6 Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73e9/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0fdfd:5c41:712d::701e/64 up \u00a0 \u00a0 \u00a0 \u00a0 config\nVl4 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73ea/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0120::1/120 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 config\n\n\n\u00a0\n\nAND\n\nAt least one of the following conditions (#\u2019s 1-4 below) must be met:\n\n * Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\nSwitch\u003eshow ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Disabled\n\n\n\nOR\n\n * For packets with TTL of 0 or 1, all IP configurations are vulnerable.\n\u00a0\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\nSwitch\u003eshow ip\n \nIP Routing : Enabled\nIP Multicast Routing : Enabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\n\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ip address 4.1.1.1/24\n\u00a0 \u00a0pim ipv4 sparse-mode\n\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\nSwitch\u003eshow ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Enabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Enabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ipv6 address 120::1/120\n\u00a0 \u00a0pim ipv6 sparse-mode"
}
],
"datePublic": "2024-11-19T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."
}
],
"value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-346",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:25:53.860Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-5872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.9M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.12M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-5872 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train\n * 4.29.9M and later releases in the 4.29.x train\n * 4.28.12M and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "106",
"defect": [
"BUG 884202"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no workaround."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-5872",
"datePublished": "2025-01-10T20:25:53.860Z",
"dateReserved": "2024-06-11T15:41:47.035Z",
"dateUpdated": "2025-01-10T21:11:37.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24545 (GCVE-0-2023-24545)
Vulnerability from cvelistv5
Published
2023-04-12 00:00
Modified
2025-02-07 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.8M < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:17.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:50:36.827968Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:50:41.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.4M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.7M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.8M",
"status": "affected",
"version": "4.26.8M",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24545 and CVE-2023-24513, the switch must be configured to run the Software Forwarding Engine (Sfe). Sfe is the default configuration on CloudEOS platforms. "
}
],
"datePublic": "2023-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24545 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.5M and later releases in the 4.28.x train\n4.27.8M and later releases in the 4.27.x train\n4.26.9M and later releases in the 4.26.x train\n"
},
{
"lang": "en",
"value": "The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files. Each hotfix applies to a specific set of release trSecurityAdvisory8X_4.28_Hotfix.swixains:\n\nNote: Installing/uninstalling the SWIX will cause Sfe agent to restart and stop forwarding traffic for up to 10 seconds.\n4.29.1F and below releases in the 4.29.x Train:\nURL:SecurityAdvisory85_4.29_Hotfix.swix\nSWIX Hash:\nSHA512 (SHA-512)c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4Open with Google Docs\n4.28.5M and below releases in the 4.28.x train:\nURL:SecurityAdvisory85_4.28_Hotfix.swix\nSWIX Hash:\n(SHA-512)522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079\n4.27.8M and below releases in the 4.27.x train:\nURL:SecurityAdvisory85_4.27_Hotfix.swix\nSWIX Hash:\n(SHA-512)5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2Open with Go\n4.26.9M and below releases in the 4.26.x train:\nURL:SecurityAdvisory85_4.26_Hotfix.swix\nSWIX Hash:\n(SHA-512)9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2\n"
}
],
"source": {
"advisory": "85",
"defect": [
"743423"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.",
"workarounds": [
{
"lang": "en",
"value": "There is no mitigation / workaround for these issues."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24545",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-01-26T00:00:00.000Z",
"dateUpdated": "2025-02-07T15:50:41.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28511 (GCVE-0-2021-28511)
Vulnerability from cvelistv5
Published
2022-08-05 16:47
Modified
2024-09-16 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.24.0 < Version: 4.25.0 < Version: 4.26.0 < Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:31.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.24.9",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.8",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.5",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.3",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T16:47:29",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe fixed versions for the currently supported release trains are as follows:\n\n4.24.10 and later releases in the 4.24.x train\n4.25.9 and later releases in the 4.25.x train\n4.26.6 and later releases in the 4.26.x train\n4.27.4 and later releases in the 4.27.x train\n4.28.0 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "78",
"defect": [
"BUG",
"641088"
],
"discovery": "INTERNAL"
},
"title": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ...",
"workarounds": [
{
"lang": "en",
"value": "Configure a NAT \u201cdrop\u201d ACL rule for each security ACL \u201cdrop\u201d rule that should be applied to the interface that has NAT configured. This will prevent the packets from being translated at the expense of maintaining the configuration in two places."
}
],
"x_ConverterErrors": {
"TITLE": {
"error": "TITLE too long. Truncating in v5 record.",
"message": "Truncated!"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-07-19T21:15:00.000Z",
"ID": "CVE-2021-28511",
"STATE": "PUBLIC",
"TITLE": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.24.0",
"version_value": "4.24.9"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.0",
"version_value": "4.25.8"
},
{
"version_affected": "\u003c=",
"version_name": "4.26.0",
"version_value": "4.26.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0",
"version_value": "4.27.3"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nThe fixed versions for the currently supported release trains are as follows:\n\n4.24.10 and later releases in the 4.24.x train\n4.25.9 and later releases in the 4.25.x train\n4.26.6 and later releases in the 4.26.x train\n4.27.4 and later releases in the 4.27.x train\n4.28.0 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "78",
"defect": [
"BUG",
"641088"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Configure a NAT \u201cdrop\u201d ACL rule for each security ACL \u201cdrop\u201d rule that should be applied to the interface that has NAT configured. This will prevent the packets from being translated at the expense of maintaining the configuration in two places."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28511",
"datePublished": "2022-08-05T16:47:31.584165Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T17:15:30.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8000 (GCVE-0-2024-8000)
Vulnerability from cvelistv5
Published
2025-03-04 20:20
Modified
2025-03-04 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.
Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:23.880423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:33:37.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.4M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003e802.1X must be configured.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eThe customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eASU must have occurred ( more information about the upgrade process can be found here at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eUpgrades and Downgrades - Arista\u003c/a\u003e\u0026nbsp;). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe below example shows an example of this issue before and after ASU:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\", \u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\u003c/p\u003e\u003cp\u003eWhen ASU is performed:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cp\u003eThe above example is after ASU. Note the nasFilterRule is now only one line. \u003c/p\u003e\u003cp\u003eNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\n\n * 802.1X must be configured.\u00a0\n\n\n * The customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u00a0\n\n\n * ASU must have occurred ( more information about the upgrade process can be found here at Upgrades and Downgrades - Arista https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \u00a0). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \nThe below example shows an example of this issue before and after ASU:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\", \n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\n\u00a0\n\nThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\n\nWhen ASU is performed:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\nThe above example is after ASU. Note the nasFilterRule is now only one line. \n\nNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \u003c/p\u003e\u003cp\u003eNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:20:53.517Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e. \u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8000 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0M and above\u003c/li\u003e\u003cli\u003e4.32.5M and above releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6M and above releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and above releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades . \n\n\u00a0\n\nCVE-2024-8000 has been fixed in the following releases:\n\n * 4.33.0M and above\n * 4.32.5M and above releases in the 4.32.x train\n * 4.31.6M and above releases in the 4.31.x train\n * 4.30.9M and above releases in the 4.30.x train"
}
],
"source": {
"advisory": "109",
"defect": [
"989881"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to re-authenticate each supplicant. This can be done by running the command \u201c\u003cb\u003edot1x re-authenticate\u003c/b\u003e\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#dot1x re-authenticate\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `\u003cb\u003eshow logging\u003c/b\u003e` to show the supplicant has been successfully authenticated and `\u003cb\u003eshow ip access-lists\u003c/b\u003e` to verify the ACL is installed correctly. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u0026nbsp; \u0026nbsp;20 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 30 permit tcp any any eq 80\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 40 permit tcp any any eq 443\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 50 deny ip host 192.168.1.100\n \n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n\u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\"nasFilterRules\": [\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\n\u0026nbsp; \u0026nbsp; ],\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\u003c/pre\u003e\u003cp\u003eIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to re-authenticate each supplicant. This can be done by running the command \u201cdot1x re-authenticate\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \n\nswitch(Ethernet 1)#dot1x re-authenticate\n\n\n\u00a0\n\nAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\n\nswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\n\n\u00a0\n\nIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `show logging` to show the supplicant has been successfully authenticated and `show ip access-lists` to verify the ACL is installed correctly. \n\nswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u00a0 \u00a0 \u00a0 \u00a0 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u00a0 \u00a020 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u00a0 \u00a0 \u00a0 \u00a0 30 permit tcp any any eq 80\n\u00a0 \u00a0 \u00a0 \u00a0 40 permit tcp any any eq 443\n\u00a0 \u00a0 \u00a0 \u00a0 50 deny ip host 192.168.1.100\n \n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n\u00a0 \u00a0 \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n\u00a0 \u00a0 ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\nIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-8000",
"datePublished": "2025-03-04T20:20:53.517Z",
"dateReserved": "2024-08-19T23:25:41.372Z",
"dateUpdated": "2025-03-04T20:33:37.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9135 (GCVE-0-2024-9135)
Vulnerability from cvelistv5
Published
2025-03-04 20:12
Modified
2025-03-04 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:54.371098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:34:15.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.0"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8.1",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9.1",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0"
},
{
"lessThanOrEqual": "4.27.1",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9135, the following condition must be met:\u003c/p\u003e\u003cp\u003eBGP Link State must be configured:\u003c/p\u003e\u003cpre\u003eswitch# router bgp 65544\nswitch# \u0026nbsp; address-family link-state\nswitch# \u0026nbsp; \u0026nbsp; \u0026nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u0026nbsp; Description \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Neighbor V AS \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MsgRcvd \u0026nbsp; MsgSent InQ OutQ Up/Down State \u0026nbsp; NlriRcd NlriAcc\n \n\u0026nbsp; brw363 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.0.2.9 4 65550 \u0026nbsp; \u0026nbsp; \u0026nbsp; 194222 \u0026nbsp; 125149 \u0026nbsp; 0 \u0026nbsp; 0 01:08:41 Estab \u0026nbsp; 211948 211948\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch# \u00a0 address-family link-state\nswitch# \u00a0 \u00a0 \u00a0 neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u00a0 Description \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Neighbor V AS \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MsgRcvd \u00a0 MsgSent InQ OutQ Up/Down State \u00a0 NlriRcd NlriAcc\n \n\u00a0 brw363 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 192.0.2.9 4 65550 \u00a0 \u00a0 \u00a0 194222 \u00a0 125149 \u00a0 0 \u00a0 0 01:08:41 Estab \u00a0 211948 211948\n\n\n\u00a0\n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch\u003esh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Dods from Meta\u2019s Infrastructure Security team."
}
],
"datePublic": "2025-01-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:02.025Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
],
"source": {
"advisory": "110",
"defect": [
"1006114"
],
"discovery": "UNKNOWN"
},
"title": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\u003c/p\u003e\u003cpre\u003e1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u0026gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\u0027\n3. Reload the switch or router\u003c/pre\u003e"
}
],
"value": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u003e /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u003e\u003e /mnt/flash/toggle_override\u0027\n3. Reload the switch or router"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9135",
"datePublished": "2025-03-04T20:12:02.025Z",
"dateReserved": "2024-09-23T23:03:07.318Z",
"dateUpdated": "2025-03-04T20:34:15.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1259 (GCVE-0-2025-1259)
Vulnerability from cvelistv5
Published
2025-03-04 19:44
Modified
2025-03-04 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:12:13.556121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:25.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in users retrieving data that should not have been available\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in users retrieving data that should not have been available"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:44:34.221Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\u003c/p\u003e\u003cp\u003eFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u0026nbsp;\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\n\nFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1259",
"datePublished": "2025-03-04T19:44:34.221Z",
"dateReserved": "2025-02-12T18:10:26.386Z",
"dateUpdated": "2025-03-04T20:12:25.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28505 (GCVE-0-2021-28505)
Vulnerability from cvelistv5
Published
2022-04-14 20:05
Modified
2024-09-16 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.26.3M < Version: 4.27.0F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.3M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.0F",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T20:05:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nArtista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28505 has been fixed in the following releases:\n\n4.26.4M and later releases in the 4.26.x train\n4.27.1F and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG",
"609752"
],
"discovery": "INTERNAL"
},
"title": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.",
"workarounds": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \u003c br/\u003e If VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-03-29T21:53:00.000Z",
"ID": "CVE-2021-28505",
"STATE": "PUBLIC",
"TITLE": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.3M",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.27.0F",
"version_value": "4.27.0"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\nArtista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28505 has been fixed in the following releases:\n\n4.26.4M and later releases in the 4.26.x train\n4.27.1F and later releases in the 4.27.x train"
}
],
"source": {
"advisory": "73",
"defect": [
"BUG",
"609752"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Replace \"vxlan\" IP protocol match with match on IP protocol \"udp\" and Layer 4 destination port for VxLAN encapsulated packets i.e 4789. \u003c br/\u003e If VXLAN L4 destination port number is not the default 4789 then use the configured L4 destination port number."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28505",
"datePublished": "2022-04-14T20:05:50.059934Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T16:58:06.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1260 (GCVE-0-2025-1260)
Vulnerability from cvelistv5
Published
2025-03-04 19:49
Modified
2025-03-04 20:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:41:36.492094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:41:46.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in unexpected configuration/operations being applied to the switch.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in unexpected configuration/operations being applied to the switch."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:49:00.278Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1260",
"datePublished": "2025-03-04T19:49:00.278Z",
"dateReserved": "2025-02-12T18:10:28.745Z",
"dateUpdated": "2025-03-04T20:41:46.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2796 (GCVE-0-2025-2796)
Vulnerability from cvelistv5
Published
2025-05-27 22:16
Modified
2025-05-28 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-284
Summary
On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.
Note: this issue does not affect VXLANSec or MACSec encryption functionality.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:34:22.951770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:30.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.2F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-2796, the following condition must be met:\u003c/p\u003e\u003cp\u003e\u003cb\u003eanti-replay detection\u003c/b\u003e\u0026nbsp;must be configured in IPSec SA Policy:\u003c/p\u003e\u003cpre\u003eswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# anti-replay detection\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-2796, the following condition must be met:\n\nanti-replay detection\u00a0must be configured in IPSec SA Policy:\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# anti-replay detection"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.\u003c/p\u003e\u003cp\u003eNote: this issue does not affect VXLANSec or MACSec encryption functionality.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.\n\nNote: this issue does not affect VXLANSec or MACSec encryption functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:16:53.489Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21413-security-advisory-0119"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-2796 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.3M and later releases in the 4.33.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-2796 has been fixed in the following releases:\n\n * 4.33.3M and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA119",
"defect": [
"BUG1073719"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no known mitigation for CVE-2025-2796. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for CVE-2025-2796. The recommended resolution is to upgrade to a remediated software version at your earliest convenience."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-2796",
"datePublished": "2025-05-27T22:16:53.489Z",
"dateReserved": "2025-03-25T16:27:53.397Z",
"dateUpdated": "2025-05-28T13:34:30.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7095 (GCVE-0-2024-7095)
Vulnerability from cvelistv5
Published
2025-01-10 20:19
Modified
2025-01-14 14:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-401
Summary
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.32.0F < Version: 4.31.0M < Version: 4.30.0M < Version: 4.29.0 < Version: 4.28.0 < Version: 4.27.0 < Version: 4.26.0 < Version: 4.25.0 < Version: 4.24.0 < Version: 4.23.0 < Version: 4.22.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T14:31:59.560743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:33:54.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.4M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.7M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.23.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.22.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-7095, the following conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003eSNMP must be configured, and\u003c/li\u003e\u003cli\u003e\u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d must be configured\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf the necessary configurations are present, \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like below, where \u003cb\u003eTransmit message maximum size\u003c/b\u003e\u0026nbsp;will contain a number smaller than the default of 65536:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf SNMP is not configured there is no exposure to this issue and the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSNMP agent disabled:\u003c/span\u003e Either no communities and no users are configured, or no VRFs are configured.\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the \u003cb\u003etransmit max-size\u003c/b\u003e\u0026nbsp;is not configured there is no exposure to this issue and even if SNMP is configured, the \u003cb\u003eshow snmp\u003c/b\u003e\u0026nbsp;output will look something like:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show snmp\nChassis: None\n0 SNMP packets input\n\u0026nbsp; \u0026nbsp; 0 Bad SNMP version errors\n\u0026nbsp; \u0026nbsp; 0 Unknown community name\n\u0026nbsp; \u0026nbsp; 0 Illegal operation for community name supplied\n\u0026nbsp; \u0026nbsp; 0 Encoding errors\n\u0026nbsp; \u0026nbsp; 0 Number of requested variables\n\u0026nbsp; \u0026nbsp; 0 Number of altered variables\n\u0026nbsp; \u0026nbsp; 0 Get-request PDUs\n\u0026nbsp; \u0026nbsp; 0 Get-next PDUs\n\u0026nbsp; \u0026nbsp; 0 Set-request PDUs\n0 SNMP packets output\n\u0026nbsp; \u0026nbsp; 0 Too big errors\n\u0026nbsp; \u0026nbsp; 0 No such name errors\n\u0026nbsp; \u0026nbsp; 0 Bad value errors\n\u0026nbsp; \u0026nbsp; 0 General errors\n\u0026nbsp; \u0026nbsp; 0 Response PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap PDUs\n\u0026nbsp; \u0026nbsp; 0 Trap drops\nAccess Control\n\u0026nbsp; \u0026nbsp; 0 Users\n\u0026nbsp; \u0026nbsp; 0 Groups\n\u0026nbsp; \u0026nbsp; 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eTransmit message maximum size: 65536\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-7095, the following conditions must be met:\n\n * SNMP must be configured, and\n * \u201csnmp-server transmit max-size\u201d must be configured\nIf the necessary configurations are present, show snmp\u00a0output will look something like below, where Transmit message maximum size\u00a0will contain a number smaller than the default of 65536:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 1500\n\n\n\u00a0\n\nIf SNMP is not configured there is no exposure to this issue and the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: XXXXXXXXXXX\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536\nSNMP agent disabled: Either no communities and no users are configured, or no VRFs are configured.\n\n\n\u00a0\n\nIf the transmit max-size\u00a0is not configured there is no exposure to this issue and even if SNMP is configured, the show snmp\u00a0output will look something like:\n\nswitch\u003eshow snmp\nChassis: None\n0 SNMP packets input\n\u00a0 \u00a0 0 Bad SNMP version errors\n\u00a0 \u00a0 0 Unknown community name\n\u00a0 \u00a0 0 Illegal operation for community name supplied\n\u00a0 \u00a0 0 Encoding errors\n\u00a0 \u00a0 0 Number of requested variables\n\u00a0 \u00a0 0 Number of altered variables\n\u00a0 \u00a0 0 Get-request PDUs\n\u00a0 \u00a0 0 Get-next PDUs\n\u00a0 \u00a0 0 Set-request PDUs\n0 SNMP packets output\n\u00a0 \u00a0 0 Too big errors\n\u00a0 \u00a0 0 No such name errors\n\u00a0 \u00a0 0 Bad value errors\n\u00a0 \u00a0 0 General errors\n\u00a0 \u00a0 0 Response PDUs\n\u00a0 \u00a0 0 Trap PDUs\n\u00a0 \u00a0 0 Trap drops\nAccess Control\n\u00a0 \u00a0 0 Users\n\u00a0 \u00a0 0 Groups\n\u00a0 \u00a0 0 Views\nSNMP logging: disabled\nSNMP agent enabled in VRFs: default\nTransmit message maximum size: 65536"
}
],
"datePublic": "2024-11-19T20:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with SNMP configured, if \u201c\u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "capex-130"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-401",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T20:19:10.234Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-7095 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.5M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.8M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-7095 has been fixed in the following releases:\n\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "107",
"defect": [
"BUG974415"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable \u003cb\u003esnmp-server transmit max-size\u003c/b\u003e\u0026nbsp;configuration:\u003c/p\u003e\u003cpre\u003eno snmp-server transmit max-size\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to disable snmp-server transmit max-size\u00a0configuration:\n\nno snmp-server transmit max-size"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-7095",
"datePublished": "2025-01-10T20:19:10.234Z",
"dateReserved": "2024-07-24T22:07:44.124Z",
"dateUpdated": "2025-01-14T14:33:54.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0936 (GCVE-0-2025-0936)
Vulnerability from cvelistv5
Published
2025-05-07 22:52
Modified
2025-05-08 13:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 < Version: 4.32.0 < Version: 4.31.0 < Version: 4.30.1F < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:01:59.603974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:02:27.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9M",
"status": "affected",
"version": "4.30.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with accounting enabled \u003c/li\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\u003cbr\u003e\u003cul\u003e\u003cli\u003eservice/9\u003c/li\u003e\u003cli\u003einterceptor/9 \u003c/li\u003e\u003cli\u003etransport_socketcli/9 \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo see the tracing enabled for OpenConfig, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eservice/9,interceptor/9,transport_socketcli/9\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\n\n * OpenConfig must be enabled with a gNOI server with accounting enabled \n * OpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\n * service/9\n * interceptor/9 \n * transport_socketcli/9 \n\n\n\n\n\nIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\n\nswitch(config)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: yes\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled\n\n\n\u00a0\n\nTo see the tracing enabled for OpenConfig, run:\n\nswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting service/9,interceptor/9,transport_socketcli/9\n\n\n\u00a0\n\nNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability."
}
],
"datePublic": "2025-05-06T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc)."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T22:52:25.444Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-0936 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.10M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.32.5M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.33.2F and later releases\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-0936 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.32.5M and later releases in the 4.32.x train\n * 4.33.2F and later releases"
}
],
"source": {
"defect": [
"BUG 1045796"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are a number of possible workarounds:\u003c/p\u003e\u003ch4\u003eOption 1 - disable accounting/logging for the OpenConfig transport\u003c/h4\u003e\u003cp\u003eFor example to disable accounting for transport named \u201cdefault\u201d:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno accounting requests\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eto disable logging for the OpenConfig agent, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#no trace OpenConfig setting\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003eOption 2 - disable the gNOI File service entirely\u003c/h4\u003e\u003cp\u003eTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\u003c/p\u003e\u003ch4\u003eOption 3 - block the TransferToRemote RPC using gNSI Authz\u003c/h4\u003e\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\u003c/pre\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport\u003c/p\u003e\u003cp\u003eAdding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There are a number of possible workarounds:\n\nOption 1 - disable accounting/logging for the OpenConfig transportFor example to disable accounting for transport named \u201cdefault\u201d:\n\nswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#no accounting requests\n\n\n\u00a0\n\nto disable logging for the OpenConfig agent, run:\n\nswitch(config)#no trace OpenConfig setting\n\n\n\u00a0\n\nOption 2 - disable the gNOI File service entirelyTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\n\nswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u003e\u003e /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\n\n\u00a0\n\nDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\n\nOption 3 - block the TransferToRemote RPC using gNSI AuthzFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\n\nWhere [NAME] is the name of the running gNMI transport\n\nAdding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0936",
"datePublished": "2025-05-07T22:52:25.444Z",
"dateReserved": "2025-01-31T17:18:43.715Z",
"dateUpdated": "2025-05-08T13:02:27.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24548 (GCVE-0-2023-24548)
Vulnerability from cvelistv5
Published
2023-08-29 16:13
Modified
2024-09-30 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.25.0F < Version: 4.24.0 < Version: 4.23.0 < Version: 4.22.1F < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:44.954023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:46:19.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "=4.25.0F",
"status": "affected",
"version": "4.25.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.23.14M",
"status": "affected",
"version": "4.23.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "\u003c=4.22.13M",
"status": "affected",
"version": "4.22.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIP routing should be enabled:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSwitch\u0026gt; show running-config section ip routing\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN should be configured - a sample configuration is found below:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Loopback interface configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section loopback\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 10.0.0.1/32\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# VXLAN VTEP configuration\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vxlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan source-interface Loopback0\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan udp-port 4789\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan flood vtep 10.0.0.2\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e# Overlay interface\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Ethernet1/1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;switchport access vlan 100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vlan100\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;ip address 1.0.0.1/24\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; vxlan vlan 100 vni 100000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show running-config section red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003evrf instance red\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eip routing vrf red\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003einterface Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp;vxlan vrf red vni 200000\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eWhether such a configuration exists can be checked as follows:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vxlan vni\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; \u0026nbsp; Interface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 802.1Q Tag\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- ------------ ----------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static \u0026nbsp; \u0026nbsp; \u0026nbsp; Ethernet1/1 \u0026nbsp; \u0026nbsp; \u0026nbsp; untagged\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Vxlan1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 100\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI to dynamic VLAN Mapping for Vxlan1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVNI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; VLAN \u0026nbsp; \u0026nbsp; \u0026nbsp; VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; Source\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------ ---------- --------- ------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e200000\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; red \u0026nbsp; \u0026nbsp; \u0026nbsp; evpn\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show vlan\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eVLAN Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; Ports\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----- -------------------------------- --------- -------------------------------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; VLAN0100 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e* VLAN1006 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active \u0026nbsp; Cpu, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVx1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch\u0026gt; show ip interface brief\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Address\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; IP Address \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocol \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MTU \u0026nbsp; Owner\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e----------------- --------------------- ------------ -------------- ----------- -------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan100\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1.0.0.1/24 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1500\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eVlan1006\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; unassigned \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eup\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; up \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 10168\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch\u003e show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch\u003e show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch\u003e show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch\u003e show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch\u003e show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch\u003e show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch\u003e show vlan\n\nVLAN Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active \u00a0 Cpu, Vx1\n\n\n\nswitch\u003e show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n"
}
],
"datePublic": "2023-08-23T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn\u003c/span\u003e \u003cspan style=\"background-color: transparent;\"\u003eaffected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-583",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-583 Disabling Network Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:13:10.451Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2023-24548 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.0F and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.29.0F and later releases in the 4.29.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.28.0F and later releases in the 4.28.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.27.0F and later releases in the 4.27.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.26.0F and later releases in the 4.26.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.25.1F and later releases in the 4.25.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cspan style=\"background-color: transparent;\"\u003eNo remediation is planned for EOS software versions that are beyond their \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"\u003e\u003cspan style=\"background-color: transparent;\"\u003estandard EOS support lifecycle\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"background-color: transparent;\"\u003e (i.e. 4.22, 4.23).\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n * 4.30.0F and later releases in the 4.30.x train\n\n\n * 4.29.0F and later releases in the 4.29.x train\n\n\n * 4.28.0F and later releases in the 4.28.x train\n\n\n * 4.27.0F and later releases in the 4.27.x train\n\n\n * 4.26.0F and later releases in the 4.26.x train\n\n\n * 4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).\n"
}
],
"source": {
"advisory": "Security Advisory 89",
"defect": [
"828687"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24548",
"datePublished": "2023-08-29T16:13:10.451Z",
"dateReserved": "2023-01-26T11:37:43.827Z",
"dateUpdated": "2024-09-30T17:46:19.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28510 (GCVE-0-2021-28510)
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2025-04-01 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.22 Version: 4.27.1 < Version: 4.26.4 < Version: 4.25.6 < Version: 4.24.8 < Version: 4.23.10 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28510",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:44:12.691655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:44:26.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.22"
},
{
"lessThanOrEqual": "4.27.0",
"status": "affected",
"version": "4.27.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.0",
"status": "affected",
"version": "4.24.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.23.0",
"status": "affected",
"version": "4.23.10",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2021-28510 has been fixed in the following releases:\n4.27.2 and later releases in the 4.27.x train\n4.26.5 and later releases in the 4.26.x train\n4.25.7 and later releases in the 4.25.x train\n4.24.9 and later releases in the 4.24.x train\n4.23.11 and later releases in the 4.23.x train\n"
},
{
"lang": "en",
"value": "Hotfix\n\nThe following hotfix can be applied to remediate CVE-2021-28510\nNote: Installing/uninstalling the SWIX will cause the PTP agent to restart.\n\nVersion: 1.0\nURL:SecurityAdvisory76_CVE-2021-28510_Hotfix.swix\n\nSWIX hash: (SHA-512)2b78b8274b7c73083775b0327e13819c655db07e22b80038bb3843002c679a798b53a4638c549a86183e01a835377bf262d27e60020a39516a5d215e2fadb437 "
}
],
"source": {
"advisory": "76",
"defect": [
"BUG",
"638107"
],
"discovery": "INTERNAL"
},
"title": "For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.",
"workarounds": [
{
"lang": "en",
"value": "Install ACL rules to drop PTP packets from untrusted sources. Best practice is to block access to untrusted (non-management) networks."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28510",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2021-03-16T00:00:00.000Z",
"dateUpdated": "2025-04-01T18:44:26.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11185 (GCVE-0-2024-11185)
Vulnerability from cvelistv5
Published
2025-05-27 22:11
Modified
2025-05-28 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cwe-1189
Summary
On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.29.0 < Version: 4.30.0 < Version: 4.31.0 < Version: 4.32.0 < Version: 4.33.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:34:42.414290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:52.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.10M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.1F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2024-11185, the following condition must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIPV4 or IPV6 routing must be enabled. :\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(183, 183, 183);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003ewitch\u0026gt;show vrf\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003eMaximum number of VRFs allowed: 1023\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocols \u0026nbsp; \u0026nbsp; \u0026nbsp; State \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Interfaces\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e------------- --------------- ---------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;default \u0026nbsp; \u0026nbsp; \u0026nbsp; IPv4 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; routing \u0026nbsp; Ma1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;default \u0026nbsp; \u0026nbsp; \u0026nbsp; IPv6 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; routing \u0026nbsp; Ma1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(183, 183, 183);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-11185, the following condition must be met:\n\n\nIPV4 or IPV6 routing must be enabled. :\n\nswitch\u003eshow vrf\n\nMaximum number of VRFs allowed: 1023\n\n\u00a0 \u00a0VRF \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Protocols \u00a0 \u00a0 \u00a0 State \u00a0 \u00a0 \u00a0 \u00a0 Interfaces\n\n------------- --------------- ---------------- ----------\n\n\u00a0 \u00a0default \u00a0 \u00a0 \u00a0 IPv4 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 routing \u00a0 Ma1 \u00a0 \u00a0 \u00a0 \n\n\u00a0 \u00a0default \u00a0 \u00a0 \u00a0 IPv6 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 routing \u00a0 Ma1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-1189",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:11:30.325Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/21411-security-advisory-0118"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2024-11185 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.10M and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.31.7M and later releases in the 4.31.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.32.5M and later releases in the 4.32.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.33.2F and later releases in the 4.33.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2024-11185 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n\n\n * 4.31.7M and later releases in the 4.31.x train\n\n\n * 4.32.5M and later releases in the 4.32.x train\n\n\n * 4.33.2F and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA118",
"defect": [
"BUG1009562"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are no workarounds.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "There are no workarounds."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-11185",
"datePublished": "2025-05-27T22:11:30.325Z",
"dateReserved": "2024-11-13T17:02:27.536Z",
"dateUpdated": "2025-05-28T13:34:52.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28507 (GCVE-0-2021-28507)
Vulnerability from cvelistv5
Published
2022-01-14 19:04
Modified
2024-09-17 04:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.22.x Version: 4.26.2F < Version: 4.25.5.1M < Version: 4.25.4M < Version: 4.25.3 < Version: 4.24.7M < Version: 4.23.9M < Version: 4.21.x < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.22.x"
},
{
"lessThanOrEqual": "4.26.0",
"status": "affected",
"version": "4.26.2F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.5",
"status": "affected",
"version": "4.25.5.1M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.4",
"status": "affected",
"version": "4.25.4M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.0",
"status": "affected",
"version": "4.25.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.0",
"status": "affected",
"version": "4.24.7M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.23.0",
"status": "affected",
"version": "4.23.9M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.21.x",
"status": "affected",
"version": "4.21.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:04:51",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
],
"solutions": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28507 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train\n4.23.10M and later releases in the 4.23.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606248"
],
"discovery": "EXTERNAL"
},
"title": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.",
"workarounds": [
{
"lang": "en",
"value": "On the affected versions, all vulnerabilities can be mitigated by disabling OpenConfig gNMI/gNOI and OpenConfig RESTCONF and TerminAttr. If use of these agents is required, a hotfix employing a proxy service can be deployed."
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28507 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"DATE_PUBLIC": "2022-01-11T22:22:00.000Z",
"ID": "CVE-2021-28507",
"STATE": "PUBLIC",
"TITLE": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.26.2F",
"version_value": "4.26.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.5.1M",
"version_value": "4.25.5"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.4M",
"version_value": "4.25.4"
},
{
"version_affected": "\u003c=",
"version_name": "4.25.3",
"version_value": "4.25.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.24.7M",
"version_value": "4.24.0"
},
{
"version_affected": "\u003c=",
"version_name": "4.23.9M",
"version_value": "4.23.0"
},
{
"version_affected": "=",
"version_name": "4.22.x",
"version_value": "4.22.x"
},
{
"version_affected": "\u003c=",
"version_name": "4.21.x",
"version_value": "4.21.x"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071"
}
]
},
"solution": [
{
"lang": "en",
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. \nCVE-2021-28507 has been fixed in the following releases:\n4.26.3M and later releases in the 4.26.x train\n4.25.6M and later releases in the 4.25.x train\n4.25.4.1M and later releases in the 4.25.4.x train\n4.24.8M and later releases in the 4.24.x train\n4.23.10M and later releases in the 4.23.x train"
}
],
"source": {
"advisory": "71",
"defect": [
"BUG",
"606248"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "On the affected versions, all vulnerabilities can be mitigated by disabling OpenConfig gNMI/gNOI and OpenConfig RESTCONF and TerminAttr. If use of these agents is required, a hotfix employing a proxy service can be deployed."
},
{
"lang": "en",
"value": "To mitigate CVE-2021-28507 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28507",
"datePublished": "2022-01-14T19:04:51.398195Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-17T04:20:33.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}