{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5872", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2024-06-11T15:41:47.035Z", "datePublished": "2025-01-10T20:25:53.860Z", "dateUpdated": "2025-01-10T21:11:37.497Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "4.32.2F", "status": "affected", "version": "4.32.0F", "versionType": "custom"}, {"lessThanOrEqual": "4.31.4M", "status": "affected", "version": "4.31.0M", "versionType": "custom"}, {"lessThanOrEqual": "4.30.7M", "status": "affected", "version": "4.30.0M", "versionType": "custom"}, {"lessThanOrEqual": "4.29.8M", "status": "affected", "version": "4.29.0M", "versionType": "custom"}, {"lessThanOrEqual": "4.28.11F", "status": "affected", "version": "4.28.1F", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.</p><p>In order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.</p><p>To check IPv4 L3 interface configuration:</p><pre>Switch&gt;show ip interface brief\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Address\nInterface &nbsp; &nbsp; IP Address &nbsp; &nbsp; &nbsp; &nbsp; Status &nbsp; Protocol &nbsp; &nbsp; MTU &nbsp; Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 &nbsp; 5.1.1.1/24 &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\nManagement1 &nbsp; 10.240.112.30/25 &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\nVlan4 &nbsp; &nbsp; &nbsp; &nbsp; 4.1.1.1/24 &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\n</pre><div>&nbsp;</div><p>To check IPv6 L3 interface configuration:</p><pre>Switch&gt;show ipv6 interface brief\nInterface Status MTU IPv6 Address &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; 1500 fe80::d3ff:fe5f:73e9/64 up &nbsp; &nbsp; &nbsp; &nbsp; link local\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;fdfd:5c41:712d::701e/64 up &nbsp; &nbsp; &nbsp; &nbsp; config\nVl4 &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; 1500 fe80::d3ff:fe5f:73ea/64 up &nbsp; &nbsp; &nbsp; &nbsp; link local\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;120::1/120 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; config\n</pre><div>&nbsp;</div><div>AND</div><p>At least one of the following conditions (#\u2019s 1-4 below) must be met:</p><ol><li>Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:<br><pre>Switch&gt;show ip\n \n<span style=\"background-color: rgb(255, 255, 0);\">IP Routing : Disabled</span>\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Unicast Routing : Disabled</span>\n</pre></li></ol><div>OR</div><ol><li>For packets with TTL of 0 or 1, all IP configurations are vulnerable.<br><div>&nbsp;</div></li></ol><div>OR</div><ol><li>Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:<br><pre>Switch&gt;show ip\n \n<span style=\"background-color: rgb(255, 255, 0);\">IP Routing : Enabled\nIP Multicast Routing : Enabled</span>\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n<br>\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n&nbsp; &nbsp;ip address 4.1.1.1/24\n&nbsp; &nbsp;<span style=\"background-color: rgb(255, 255, 0);\">pim ipv4 sparse-mode</span>\n</pre></li></ol><div>OR</div><ol><li>Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:<br><pre>Switch&gt;show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Multicast Routing : Enabled</span>\nIPv6 Interfaces Forwarding : None\n \n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Unicast Routing : Enabled</span>\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n&nbsp; &nbsp;ipv6 address 120::1/120\n&nbsp; &nbsp;<span style=\"background-color: rgb(255, 255, 0);\">pim ipv6 sparse-mode</span></pre></li></ol><br>"}], "value": "There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\n\nIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\n\nTo check IPv4 L3 interface configuration:\n\nSwitch>show ip interface brief\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Address\nInterface \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Protocol \u00a0 \u00a0 MTU \u00a0 Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u00a0 5.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nManagement1 \u00a0 10.240.112.30/25 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nVlan4 \u00a0 \u00a0 \u00a0 \u00a0 4.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\n\n\n\u00a0\n\nTo check IPv6 L3 interface configuration:\n\nSwitch>show ipv6 interface brief\nInterface Status MTU IPv6 Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73e9/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0fdfd:5c41:712d::701e/64 up \u00a0 \u00a0 \u00a0 \u00a0 config\nVl4 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73ea/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0120::1/120 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 config\n\n\n\u00a0\n\nAND\n\nAt least one of the following conditions (#\u2019s 1-4 below) must be met:\n\n * Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\nSwitch>show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Disabled\n\n\n\nOR\n\n * For packets with TTL of 0 or 1, all IP configurations are vulnerable.\n\u00a0\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\nSwitch>show ip\n \nIP Routing : Enabled\nIP Multicast Routing : Enabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\n\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ip address 4.1.1.1/24\n\u00a0 \u00a0pim ipv4 sparse-mode\n\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\nSwitch>show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Enabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Enabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ipv6 address 120::1/120\n\u00a0 \u00a0pim ipv6 sparse-mode"}], "datePublic": "2024-11-19T20:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."}], "value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."}], "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "cwe-346", "lang": "en"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-01-10T20:25:53.860Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>&nbsp;</div><div>CVE-2024-5872 has been fixed in the following releases:</div><ul><li>4.33.0F and later releases in the 4.33.x train</li><li>4.32.3M and later releases in the 4.32.x train</li><li>4.31.5M and later releases in the 4.31.x train</li><li>4.30.8M and later releases in the 4.30.x train</li><li>4.29.9M and later releases in the 4.29.x train</li><li>4.28.12M and later releases in the 4.28.x train</li></ul><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-5872 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train\n * 4.29.9M and later releases in the 4.29.x train\n * 4.28.12M and later releases in the 4.28.x train"}], "source": {"advisory": "106", "defect": ["BUG 884202"], "discovery": "INTERNAL"}, "title": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no workaround.</span><br>"}], "value": "There is no workaround."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T21:11:13.257737Z", "id": "CVE-2024-5872", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T21:11:37.497Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5872", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-10T21:11:13.257737Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-10T21:11:16.776Z"}}], "cna": {"title": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.", "source": {"defect": ["BUG 884202"], "advisory": "106", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "versions": [{"status": "affected", "version": "4.32.0F", "versionType": "custom", "lessThanOrEqual": "4.32.2F"}, {"status": "affected", "version": "4.31.0M", "versionType": "custom", "lessThanOrEqual": "4.31.4M"}, {"status": "affected", "version": "4.30.0M", "versionType": "custom", "lessThanOrEqual": "4.30.7M"}, {"status": "affected", "version": "4.29.0M", "versionType": "custom", "lessThanOrEqual": "4.29.8M"}, {"status": "affected", "version": "4.28.1F", "versionType": "custom", "lessThanOrEqual": "4.28.11F"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-5872 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.5M and later releases in the 4.31.x train\n * 4.30.8M and later releases in the 4.30.x train\n * 4.29.9M and later releases in the 4.29.x train\n * 4.28.12M and later releases in the 4.28.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>&nbsp;</div><div>CVE-2024-5872 has been fixed in the following releases:</div><ul><li>4.33.0F and later releases in the 4.33.x train</li><li>4.32.3M and later releases in the 4.32.x train</li><li>4.31.5M and later releases in the 4.31.x train</li><li>4.30.8M and later releases in the 4.30.x train</li><li>4.29.9M and later releases in the 4.29.x train</li><li>4.28.12M and later releases in the 4.28.x train</li></ul><br>", "base64": false}]}], "datePublic": "2024-11-19T20:20:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106"}], "workarounds": [{"lang": "en", "value": "There is no workaround.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no workaround.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.", "supportingMedia": [{"type": "text/html", "value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "cwe-346"}]}], "configurations": [{"lang": "en", "value": "There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.\n\nIn order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.\n\nTo check IPv4 L3 interface configuration:\n\nSwitch>show ip interface brief\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Address\nInterface \u00a0 \u00a0 IP Address \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 Protocol \u00a0 \u00a0 MTU \u00a0 Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 \u00a0 5.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nManagement1 \u00a0 10.240.112.30/25 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\nVlan4 \u00a0 \u00a0 \u00a0 \u00a0 4.1.1.1/24 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 1500\n\n\n\u00a0\n\nTo check IPv6 L3 interface configuration:\n\nSwitch>show ipv6 interface brief\nInterface Status MTU IPv6 Address \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73e9/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0fdfd:5c41:712d::701e/64 up \u00a0 \u00a0 \u00a0 \u00a0 config\nVl4 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 1500 fe80::d3ff:fe5f:73ea/64 up \u00a0 \u00a0 \u00a0 \u00a0 link local\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0120::1/120 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 config\n\n\n\u00a0\n\nAND\n\nAt least one of the following conditions (#\u2019s 1-4 below) must be met:\n\n * Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:\nSwitch>show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Disabled\n\n\n\nOR\n\n * For packets with TTL of 0 or 1, all IP configurations are vulnerable.\n\u00a0\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:\nSwitch>show ip\n \nIP Routing : Enabled\nIP Multicast Routing : Enabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n\n\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ip address 4.1.1.1/24\n\u00a0 \u00a0pim ipv4 sparse-mode\n\n\n\nOR\n\n * Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:\nSwitch>show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Enabled\nIPv6 Interfaces Forwarding : None\n \nIPv6 Unicast Routing : Enabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n\u00a0 \u00a0ipv6 address 120::1/120\n\u00a0 \u00a0pim ipv6 sparse-mode", "supportingMedia": [{"type": "text/html", "value": "<p>There are multiple conditions which must be met. An L3 interface must be configured on the device and at least one of four additional conditions, detailed below and labeled 1 through 4, must be met. In addition to the configuration the packet being sent must have an incorrect VLAN tag.</p><p>In order to be vulnerable to CVE-2024-5872, an L3 interface MUST be configured on the device.</p><p>To check IPv4 L3 interface configuration:</p><pre>Switch&gt;show ip interface brief\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Address\nInterface &nbsp; &nbsp; IP Address &nbsp; &nbsp; &nbsp; &nbsp; Status &nbsp; Protocol &nbsp; &nbsp; MTU &nbsp; Owner\n------------- ------------------ --------- ---------- ------ -------\nEthernet5/1 &nbsp; 5.1.1.1/24 &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\nManagement1 &nbsp; 10.240.112.30/25 &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\nVlan4 &nbsp; &nbsp; &nbsp; &nbsp; 4.1.1.1/24 &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; 1500\n</pre><div>&nbsp;</div><p>To check IPv6 L3 interface configuration:</p><pre>Switch&gt;show ipv6 interface brief\nInterface Status MTU IPv6 Address &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Addr State Addr Source\n--------- ------- ---- ----------------------- ---------- -----------\nMa1 &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; 1500 fe80::d3ff:fe5f:73e9/64 up &nbsp; &nbsp; &nbsp; &nbsp; link local\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;fdfd:5c41:712d::701e/64 up &nbsp; &nbsp; &nbsp; &nbsp; config\nVl4 &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; 1500 fe80::d3ff:fe5f:73ea/64 up &nbsp; &nbsp; &nbsp; &nbsp; link local\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;120::1/120 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; config\n</pre><div>&nbsp;</div><div>AND</div><p>At least one of the following conditions (#\u2019s 1-4 below) must be met:</p><ol><li>Either IPv4 routing or IPv6 routing is not configured, which will cause the vulnerability to impact IPv4 unicast packets or IPv6 unicast packets, respectively:<br><pre>Switch&gt;show ip\n \n<span style=\"background-color: rgb(255, 255, 0);\">IP Routing : Disabled</span>\nIP Multicast Routing : Disabled\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n \n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Unicast Routing : Disabled</span>\n</pre></li></ol><div>OR</div><ol><li>For packets with TTL of 0 or 1, all IP configurations are vulnerable.<br><div>&nbsp;</div></li></ol><div>OR</div><ol><li>Unicast and multicast routing must be configured for IPv4 to be vulnerable for IPv4 multicast packets, and IPv4 multicast must be enabled on an L3 interface:<br><pre>Switch&gt;show ip\n \n<span style=\"background-color: rgb(255, 255, 0);\">IP Routing : Enabled\nIP Multicast Routing : Enabled</span>\nIPv6 Multicast Routing : Disabled\nIPv6 Interfaces Forwarding : None\n<br>\nIPv6 Unicast Routing : Disabled\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n&nbsp; &nbsp;ip address 4.1.1.1/24\n&nbsp; &nbsp;<span style=\"background-color: rgb(255, 255, 0);\">pim ipv4 sparse-mode</span>\n</pre></li></ol><div>OR</div><ol><li>Unicast and multicast routing must be configured for IPv6 to be vulnerable to IPv6 multicast packets, and IPv6 multicast must be enabled on an L3 interface:<br><pre>Switch&gt;show ip\n \nIP Routing : Disabled\nIP Multicast Routing : Disabled\n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Multicast Routing : Enabled</span>\nIPv6 Interfaces Forwarding : None\n \n<span style=\"background-color: rgb(255, 255, 0);\">IPv6 Unicast Routing : Enabled</span>\nSwitch(config-if-Vl4)#show active\ninterface Vlan4\n&nbsp; &nbsp;ipv6 address 120::1/120\n&nbsp; &nbsp;<span style=\"background-color: rgb(255, 255, 0);\">pim ipv6 sparse-mode</span></pre></li></ol><br>", "base64": false}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-01-10T20:25:53.860Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5872", "state": "PUBLISHED", "dateUpdated": "2025-01-10T21:11:37.497Z", "dateReserved": "2024-06-11T15:41:47.035Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-01-10T20:25:53.860Z", "assignerShortName": "Arista"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc."}], "id": "CVE-2024-5872", "lastModified": "2025-01-10T21:15:13.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2025-01-10T21:15:13.367", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Received"}

{}