CVE-2023-24548 - Vulnerability Details

CVE-2023-24548 - On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Arista Networks

EOS

unaffected

Version	Status	Constraints
`4.25.0F`	affected	≤ =4.25.0F
`4.24.0`	affected	≤ <=4.24.11M
`4.23.0`	affected	≤ <=4.23.14M
`4.22.1F`	affected	≤ <=4.22.13M

Configuration 1 [-]

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos:4.25.0f:::::::*

OR	cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
	cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
	cpe:2.3:h:arista:7280cr3-36s:-:::::::*
	cpe:2.3:h:arista:7280cr3-96:-:::::::*
	cpe:2.3:h:arista:7280cr3a-24d12:-:::::::*
	cpe:2.3:h:arista:7280cr3a-48d6:-:::::::*
	cpe:2.3:h:arista:7280cr3a-72:-:::::::*
	cpe:2.3:h:arista:7280dr3-24:-:::::::*
	cpe:2.3:h:arista:7280dr3a-36:-:::::::*
	cpe:2.3:h:arista:7280dr3a-54:-:::::::*
	cpe:2.3:h:arista:7280dr3ak-36:-:::::::*
	cpe:2.3:h:arista:7280dr3ak-54:-:::::::*
	cpe:2.3:h:arista:7280dr3am-36:-:::::::*
	cpe:2.3:h:arista:7280dr3am-54:-:::::::*
	cpe:2.3:h:arista:7280pr3-24:-:::::::*
	cpe:2.3:h:arista:7280r3:-:::::::*
	cpe:2.3:h:arista:7280sr3-40yc6:-:::::::*
	cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
	cpe:2.3:h:arista:7280tr3-40c6:-:::::::*
	cpe:2.3:h:arista:7500r3-24d:-:::::::*
	cpe:2.3:h:arista:7500r3-24p:-:::::::*
	cpe:2.3:h:arista:7500r3-36cq:-:::::::*
	cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
	cpe:2.3:h:arista:7500r3k-48y4d:-:::::::*
	cpe:2.3:h:arista:7504r3:-:::::::*
	cpe:2.3:h:arista:7508r3:-:::::::*
	cpe:2.3:h:arista:7512r3:-:::::::*
	cpe:2.3:h:arista:7800r3-36d:-:::::::*
	cpe:2.3:h:arista:7800r3-36p:-:::::::*
	cpe:2.3:h:arista:7800r3-48cq:-:::::::*
	cpe:2.3:h:arista:7800r3a-36d:-:::::::*
	cpe:2.3:h:arista:7800r3a-36dm:-:::::::*
	cpe:2.3:h:arista:7800r3a-36p:-:::::::*
	cpe:2.3:h:arista:7800r3a-36pm:-:::::::*
	cpe:2.3:h:arista:7800r3ak-36dm:-:::::::*
	cpe:2.3:h:arista:7800r3ak-36pm:-:::::::*
	cpe:2.3:h:arista:7800r3k-36dm:-:::::::*
	cpe:2.3:h:arista:7800r3k-48cq:-:::::::*
	cpe:2.3:h:arista:7800r3k-48cqms:-:::::::*
	cpe:2.3:h:arista:7800r3k-72y7512r3:-:::::::*
	cpe:2.3:h:arista:7808r3:-:::::::*
	cpe:2.3:h:arista:7812r3:-:::::::*
	cpe:2.3:h:arista:7816r3:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Arista Subscribe	7280cr3-32d4 Subscribe 7280cr3-32p4 Subscribe 7280cr3-36s Subscribe 7280cr3-96 Subscribe 7280cr3a-24d12 Subscribe 7280cr3a-48d6 Subscribe 7280cr3a-72 Subscribe 7280dr3-24 Subscribe 7280dr3a-36 Subscribe 7280dr3a-54 Subscribe 7280dr3ak-36 Subscribe 7280dr3ak-54 Subscribe 7280dr3am-36 Subscribe 7280dr3am-54 Subscribe 7280pr3-24 Subscribe 7280r3 Subscribe 7280sr3-40yc6 Subscribe 7280sr3-48yc8 Subscribe 7280tr3-40c6 Subscribe 7500r3-24d Subscribe 7500r3-24p Subscribe 7500r3-36cq Subscribe 7500r3k-36cq Subscribe 7500r3k-48y4d Subscribe 7504r3 Subscribe 7508r3 Subscribe 7512r3 Subscribe 7800r3-36d Subscribe 7800r3-36p Subscribe 7800r3-48cq Subscribe 7800r3a-36d Subscribe 7800r3a-36dm Subscribe 7800r3a-36p Subscribe 7800r3a-36pm Subscribe 7800r3ak-36dm Subscribe 7800r3ak-36pm Subscribe 7800r3k-36dm Subscribe 7800r3k-48cq Subscribe 7800r3k-48cqms Subscribe 7800r3k-72y7512r3 Subscribe 7808r3 Subscribe 7812r3 Subscribe 7816r3 Subscribe Eos Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-28564	On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Fixes

Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2023-24548 has been fixed in the following releases: * 4.30.0F and later releases in the 4.30.x train * 4.29.0F and later releases in the 4.29.x train * 4.28.0F and later releases in the 4.28.x train * 4.27.0F and later releases in the 4.27.x train * 4.26.0F and later releases in the 4.26.x train * 4.25.1F and later releases in the 4.25.x train No remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).

Workaround

There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089

History

Mon, 30 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2023-08-29T16:13:10.451Z

Updated: 2024-09-30T17:46:19.199Z

Reserved: 2023-01-26T11:37:43.827Z

Link: CVE-2023-24548

Vulnrichment

Updated: 2024-08-02T11:03:18.834Z

NVD

Status : Modified

Published: 2023-08-29T17:15:11.790

Modified: 2024-11-21T07:48:06.157

Link: CVE-2023-24548

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-120

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object