CVE-2023-6068 (GCVE-0-2023-6068)
Vulnerability from cvelistv5
Published: 2024-03-04 19:44
Modified: 2024-08-02 08:21
Summary
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some
References
Impacted products
Vendor | Product | Version
---|---|---
Arista Networks | MOS | 1.7.1, 1.6
CVE record (data type CVE_RECORD, data version 5.1)
- CVE ID: CVE-2023-6068
- State: PUBLISHED
- Assigner: Arista (org ID c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7)
- Date reserved: 2023-11-09T23:06:28.873Z
- Date published: 2024-03-04T19:44:08.620Z
- Date updated: 2024-08-02T08:21:17.180Z

CNA container (Arista, updated 2024-03-04T19:44:08.620Z)
- Title and description: On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some
- Date public: 2023-02-20T16:00:00.000Z
- Source: defect BUG 869667; discovery INTERNAL
- Generator: Vulnogram 0.1.0-dev

Affected
- Vendor: Arista Networks
- Product: MOS
- Module: MultiAccess FPGA Software
- Default status: unaffected
- Affected versions: 1.7.1, 1.6

Configurations
In order to be vulnerable to CVE-2023-6068, the following condition must be met:

MOS must be configured with MultiAccess FPGA software versions 1.7.1 or 1.6.x and can be determined by running the show version command and referring to the highlighted section as shown below (the highlighted line is "Applications: multiaccess-1.7.1").

    switch(config)#show version
    Device: Metamako MetaMux 48 with L-Series
    SKU: DCS-7130-48LB
    Serial number: M48LB-A3-27719-4

    Software image version: 0.39.0alpha4
    Internal build ID: master+9345
    Applications: multiaccess-1.7.1

Exploits
This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

Impacts
- CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs

Metrics (CVSS 3.1, scenario: GENERAL)
- Base score: 3.1 (LOW)
- Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: LOW
- User interaction: NONE
- Scope: UNCHANGED
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE

Problem types
- CWE-283

References
- https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091

Solutions
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.

CVE-2023-6068 has been fixed in the following releases:
- MultiAccess FPGA 1.8.0 and later

Workarounds
The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied.

Run the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added (the multiaccess-group line is the one highlighted in yellow):

    switch(config-app-multiaccess)#shut
    switch(config-app-multiaccess)#multiaccess-group 0 client 0 access-list new_acl_if_need
    switch(config-app-multiaccess)#no shut

The previous applied access control lists will automatically apply after FPGA reload.

ADP containers
- CVE Program Container (CVE, org ID af854a3a-2127-422b-91ae-364da2661108, updated 2024-08-02T08:21:17.180Z): reference https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091, tagged x_transferred.
- CISA ADP Vulnrichment (CISA-ADP, org ID 134c704f-9b21-4f2e-91b3-4a467353bcc0, updated 2024-06-28T01:32:30.968Z): SSVC version 2.0.3, role CISA Coordinator, timestamp 2024-03-04T21:18:50.615802Z. Exploitation: none. Automatable: no. Technical Impact: partial.

vulnerability-lookup metadata
- NVD: source identifier psirt@arista.com; published 2024-03-04T20:15:50.267; last modified 2024-11-21T08:43:04.790; status Awaiting Analysis; descriptions in English and Spanish with the same text as the Summary; CVSS 3.1 metric (type Secondary) with vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N, base score 3.1 (LOW), exploitability score 1.6, impact score 1.4; weakness CWE-283 (type Secondary); references to the Arista advisory URL above from sources psirt@arista.com and af854a3a-2127-422b-91ae-364da2661108.
- Vulnrichment: a copy of the CNA and ADP containers and CVE metadata above, with the CISA-ADP container dated 2024-06-28T01:32:28.563Z.
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.