CVE-2024-9135 (GCVE-0-2024-9135)
Vulnerability from cvelistv5
Published
2025-03-04 20:12
Modified
2025-03-04 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Summary
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Version: 4.33.0 Version: 4.31.0 < Version: 4.30.0 < Version: 4.29.0 < Version: 4.28.0 Version: 4.27.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:54.371098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:34:15.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.0"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8.1",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9.1",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0"
},
{
"lessThanOrEqual": "4.27.1",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9135, the following condition must be met:\u003c/p\u003e\u003cp\u003eBGP Link State must be configured:\u003c/p\u003e\u003cpre\u003eswitch# router bgp 65544\nswitch# \u0026nbsp; address-family link-state\nswitch# \u0026nbsp; \u0026nbsp; \u0026nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u0026nbsp; Description \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Neighbor V AS \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MsgRcvd \u0026nbsp; MsgSent InQ OutQ Up/Down State \u0026nbsp; NlriRcd NlriAcc\n \n\u0026nbsp; brw363 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.0.2.9 4 65550 \u0026nbsp; \u0026nbsp; \u0026nbsp; 194222 \u0026nbsp; 125149 \u0026nbsp; 0 \u0026nbsp; 0 01:08:41 Estab \u0026nbsp; 211948 211948\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch# \u00a0 address-family link-state\nswitch# \u00a0 \u00a0 \u00a0 neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u00a0 Description \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Neighbor V AS \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MsgRcvd \u00a0 MsgSent InQ OutQ Up/Down State \u00a0 NlriRcd NlriAcc\n \n\u00a0 brw363 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 192.0.2.9 4 65550 \u00a0 \u00a0 \u00a0 194222 \u00a0 125149 \u00a0 0 \u00a0 0 01:08:41 Estab \u00a0 211948 211948\n\n\n\u00a0\n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch\u003esh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Dods from Meta\u2019s Infrastructure Security team."
}
],
"datePublic": "2025-01-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:02.025Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
],
"source": {
"advisory": "110",
"defect": [
"1006114"
],
"discovery": "UNKNOWN"
},
"title": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\u003c/p\u003e\u003cpre\u003e1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u0026gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\u0027\n3. Reload the switch or router\u003c/pre\u003e"
}
],
"value": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u003e /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u003e\u003e /mnt/flash/toggle_override\u0027\n3. Reload the switch or router"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9135",
"datePublished": "2025-03-04T20:12:02.025Z",
"dateReserved": "2024-09-23T23:03:07.318Z",
"dateUpdated": "2025-03-04T20:34:15.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-9135\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2025-03-04T21:15:12.360\",\"lastModified\":\"2025-03-04T21:15:12.360\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\"},{\"lang\":\"es\",\"value\":\"En las plataformas afectadas que ejecutan Arista EOS con BGP Link State configurado, la inestabilidad de los pares BGP puede provocar que el agente BGP pierda memoria. Esto puede provocar la finalizaci\u00f3n del procesamiento de enrutamiento BGP y la inestabilidad de las rutas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110\",\"source\":\"psirt@arista.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9135\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-04T20:33:54.371098Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-04T20:33:58.136Z\"}}], \"cna\": {\"title\": \"On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\", \"source\": {\"defect\": [\"1006114\"], \"advisory\": \"110\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Craig Dods from Meta\\u2019s Infrastructure Security team.\"}], \"impacts\": [{\"capecId\": \"CAPEC-130\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-130 Excessive Allocation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"EOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.33.0\"}, {\"status\": \"affected\", \"version\": \"4.31.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.31.5\"}, {\"status\": \"affected\", \"version\": \"4.30.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.30.8.1\"}, {\"status\": \"affected\", \"version\": \"4.29.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.29.9.1\"}, {\"status\": \"affected\", \"version\": \"4.28.0\"}, {\"status\": \"affected\", \"version\": \"4.27.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.27.1\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-01-21T16:00:00.000Z\", \"references\": [{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\\n\\n1. Enter \\\"bash\\\" shell under EOS prompt\\n2. sudo sh -c \u0027echo \\\"BgpLsConsumerDps=0\\\" \u003e /mnt/flash/toggle_override; echo \\\"BgpLsProducerDps=0\\\" \u003e\u003e /mnt/flash/toggle_override\u0027\\n3. Reload the switch or router\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\u003c/p\u003e\u003cpre\u003e1. Enter \\\"bash\\\" shell under EOS prompt\\n2. sudo sh -c \u0027echo \\\"BgpLsConsumerDps=0\\\" \u0026gt; /mnt/flash/toggle_override; echo \\\"BgpLsProducerDps=0\\\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\u0027\\n3. Reload the switch or router\u003c/pre\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eOn affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In order to be vulnerable to CVE-2024-9135, the following condition must be met:\\n\\nBGP Link State must be configured:\\n\\nswitch# router bgp 65544\\nswitch# \\u00a0 address-family link-state\\nswitch# \\u00a0 \\u00a0 \\u00a0 neighbor 192.0.2.9 activate\\nswitch#\\nswitch#sh bgp link-state summary\\nBGP summary information for VRF default\\nRouter identifier 192.0.2.2, local AS number 65540\\nNeighbor Status Codes: m - Under maintenance\\n\\u00a0 Description \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 Neighbor V AS \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 MsgRcvd \\u00a0 MsgSent InQ OutQ Up/Down State \\u00a0 NlriRcd NlriAcc\\n \\n\\u00a0 brw363 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 192.0.2.9 4 65550 \\u00a0 \\u00a0 \\u00a0 194222 \\u00a0 125149 \\u00a0 0 \\u00a0 0 01:08:41 Estab \\u00a0 211948 211948\\n\\n\\n\\u00a0\\n\\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\\n\\nswitch\u003esh bgp link-state summary\\nBGP summary information for VRF default\\nRouter identifier 192.0.2.2, local AS number 65540\\nNeighbor Status Codes: m - Under maintenance\\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn order to be vulnerable to CVE-2024-9135, the following condition must be met:\u003c/p\u003e\u003cp\u003eBGP Link State must be configured:\u003c/p\u003e\u003cpre\u003eswitch# router bgp 65544\\nswitch# \u0026nbsp; address-family link-state\\nswitch# \u0026nbsp; \u0026nbsp; \u0026nbsp; neighbor 192.0.2.9 activate\\nswitch#\\nswitch#sh bgp link-state summary\\nBGP summary information for VRF default\\nRouter identifier 192.0.2.2, local AS number 65540\\nNeighbor Status Codes: m - Under maintenance\\n\u0026nbsp; Description \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Neighbor V AS \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MsgRcvd \u0026nbsp; MsgSent InQ OutQ Up/Down State \u0026nbsp; NlriRcd NlriAcc\\n \\n\u0026nbsp; brw363 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.0.2.9 4 65550 \u0026nbsp; \u0026nbsp; \u0026nbsp; 194222 \u0026nbsp; 125149 \u0026nbsp; 0 \u0026nbsp; 0 01:08:41 Estab \u0026nbsp; 211948 211948\\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;sh bgp link-state summary\\nBGP summary information for VRF default\\nRouter identifier 192.0.2.2, local AS number 65540\\nNeighbor Status Codes: m - Under maintenance\\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\u003c/pre\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2025-03-04T20:12:02.025Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-9135\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-04T20:34:15.951Z\", \"dateReserved\": \"2024-09-23T23:03:07.318Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2025-03-04T20:12:02.025Z\", \"assignerShortName\": \"Arista\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…