CVE-2023-24513 - OpenCVE

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amazon	Aws Marketplace
Arista	Cloudeos Dca-200-veos
Equinix	Network Edge
Google	Google Cloud Platform Marketplace
Microsoft	Azure Marketplace

Configuration 1 [-]

AND

OR	cpe:2.3:a:arista:cloudeos::::::::
	cpe:2.3:a:arista:cloudeos::::::::
	cpe:2.3:a:arista:cloudeos::::::::
	cpe:2.3:a:arista:cloudeos::::::::

OR	cpe:2.3:a:amazon:aws_marketplace:-:::::::*
	cpe:2.3:a:equinix:network_edge:-:::::::*
	cpe:2.3:a:google:google_cloud_platform_marketplace:-:::::::*
	cpe:2.3:a:microsoft:azure_marketplace:-:::::::*
	cpe:2.3:h:arista:dca-200-veos:-:::::::*

No data.

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085

History

No history.

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2023-04-12T00:00:00

Updated: 2024-08-02T10:56:04.274Z

Reserved: 2023-01-24T00:00:00

Link: CVE-2023-24513

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-12T20:15:07.963

Modified: 2023-04-24T16:00:57.643

Link: CVE-2023-24513

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24513", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "dateUpdated": "2024-08-02T10:56:04.274Z", "dateReserved": "2023-01-24T00:00:00", "datePublished": "2023-04-12T00:00:00"}, "containers": {"cna": {"title": "On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...", "datePublic": "2023-04-11T00:00:00", "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2023-04-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "versions": [{"version": "4.29.0", "status": "affected", "lessThanOrEqual": "4.29.1F", "versionType": "custom"}, {"version": "4.28.0", "status": "affected", "lessThanOrEqual": "4.28.5M", "versionType": "custom"}, {"version": "4.27.0", "status": "affected", "lessThanOrEqual": "4.27.8M", "versionType": "custom"}, {"version": "4.26.0", "status": "affected", "lessThanOrEqual": "4.26.9M", "versionType": "custom"}]}], "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-126 Buffer Over-read", "cweId": "CWE-126"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "85", "defect": ["764777"], "discovery": "INTERNAL"}, "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2023-24545 and CVE-2023-24513, the switch must be configured to run the Software Forwarding Engine (Sfe). Sfe is the default configuration on CloudEOS platforms. "}], "workarounds": [{"lang": "en", "value": "There is no mitigation / workaround for these issues."}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-24513 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n\n"}, {"lang": "en", "value": "The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files. Each hotfix applies to a specific set of release trSecurityAdvisory8X_4.28_Hotfix.swixains:\n\nNote: Installing/uninstalling the SWIX will cause Sfe agent to restart and stop forwarding traffic for up to 10 seconds.\n4.29.1F and below releases in the 4.29.x Train:\nURL:SecurityAdvisory85_4.29_Hotfix.swix\nSWIX Hash:\nSHA512 (SHA-512)c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4Open with Google Docs\n4.28.5M and below releases in the 4.28.x train:\nURL:SecurityAdvisory85_4.28_Hotfix.swix\nSWIX Hash:\n(SHA-512)522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079\n4.27.8M and below releases in the 4.27.x train:\nURL:SecurityAdvisory85_4.27_Hotfix.swix\nSWIX Hash:\n(SHA-512)5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2Open with Go\n4.26.9M and below releases in the 4.26.x train:\nURL:SecurityAdvisory85_4.26_Hotfix.swix\nSWIX Hash:\n(SHA-512)9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2\n"}], "x_ConverterErrors": {"TITLE": {"error": "TITLE too long. Truncating in v5 record.", "message": "Truncated!"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.274Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*", "matchCriteriaId": "47DC93B2-147D-427E-89E5-0F8EC3D884B0", "versionEndExcluding": "4.26.9m", "versionStartIncluding": "4.26.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BA01B5E-EDAB-4C30-9F2C-57C0ACB6EF02", "versionEndExcluding": "4.27.8m", "versionStartIncluding": "4.27.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60CFAB31-7E8C-49E0-BDB2-ED1EF62D9303", "versionEndExcluding": "4.28.5m", "versionStartIncluding": "4.28.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E98581C-4312-4EC2-A253-73D5179DDA6A", "versionEndExcluding": "4.29.2f", "versionStartIncluding": "4.29.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:amazon:aws_marketplace:-:*:*:*:*:*:*:*", "matchCriteriaId": "38DF4A9E-F836-4389-BCE4-10E5121332E8", "vulnerable": false}, {"criteria": "cpe:2.3:a:equinix:network_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BE13E07-E588-498B-892A-48AE52E222CD", "vulnerable": false}, {"criteria": "cpe:2.3:a:google:google_cloud_platform_marketplace:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8139E4B-24C7-4C77-A375-088C6817256D", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:azure_marketplace:-:*:*:*:*:*:*:*", "matchCriteriaId": "B18F83F7-96C2-4B36-A68F-5B8C4E41D066", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:dca-200-veos:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C9985E3-D496-473F-A806-022EC164EF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic."}], "id": "CVE-2023-24513", "lastModified": "2023-04-24T16:00:57.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2023-04-12T20:15:07.963", "references": [{"source": "psirt@arista.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-126"}], "source": "psirt@arista.com", "type": "Secondary"}]}