Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-24545

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Published

2023-04-12T21:15:18.183

Last Modified

2024-11-21T07:48:05.733

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arista	cloudeos	< 4.26.9m	Yes
Operating System	arista	cloudeos	< 4.27.8m	Yes
Operating System	arista	cloudeos	< 4.28.5m	Yes
Operating System	arista	cloudeos	< 4.29.2f	Yes
Hardware	arista	dca-200-veos	-	No

References

https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085 Exploit, Patch, Vendor Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)