Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-24513

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Published

2023-04-12T20:15:07.963

Last Modified

2024-11-21T07:48:01.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-126
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	arista	cloudeos	< 4.26.9m	Yes
Application	arista	cloudeos	< 4.27.8m	Yes
Application	arista	cloudeos	< 4.28.5m	Yes
Application	arista	cloudeos	< 4.29.2f	Yes
Application	amazon	aws_marketplace	-	No
Application	equinix	network_edge	-	No
Application	google	google_cloud_platform_marketplace	-	No
Application	microsoft	azure_marketplace	-	No
Hardware	arista	dca-200-veos	-	No

References

https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085 Exploit, Patch, Vendor Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)