7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
34.8%
Revision | Date | Changes |
---|---|---|
1.0 | May 31, 2023 | Initial release |
The CVE-ID tracking this issue: CVE-2023-24510
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Common Weakness Enumeration: CWE-755 Improper Handling of Exceptional Conditions
This vulnerability is being tracked by BUG753188
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
Arista is not aware of any malicious uses of this issue in customer networks.
This issue was introduced in EOS version 4.20.5.
This is a platform-independent vulnerability and affects all systems running EOS with the versions identified above. The following products are affected by this vulnerability:
Arista EOS-based products:
The following product versions and platforms are not affected by this vulnerability:
In order to be vulnerable to CVE-2023-24510, the following condition must be met:
– At least two “ip helper-address” commands for the DHCP server are configured on the same interface.
– Scenario One:
– Scenario Two:
The below configuration sample shows two VLAN interfaces which will be exposed to the issue:
interface Vlan11
ip helper-address 100.1.1.2 [vrf blue] source-interface Loopback1
ip helper-address 50.1.1.2
interface Vlan12
ip helper-address 100.1.1.2 vrf blue
ip helper-address 50.1.1.2
The impact of this vulnerability is that the DHCP relay agent would restart.
The following message will appear in “show logging” to indicate the restart:
Apr 27 03:30:59 switch ProcMgr-worker: %PROCMGR-6-PROCESS_RESTART: Restarting 'DhcpRelay' immediately (it had PID=4107)
Apr 27 03:30:59 switch ProcMgr-worker: %PROCMGR-7-PREDECESSOR_WAITING: New instance of DhcpRelay (PID=5103): waiting for reaping of predecessor (PID=4107)
Apr 27 03:30:59 switch ProcMgr-worker: %PROCMGR-7-PREDECESSOR_GONE: New instance of DhcpRelay (PID=5103): predecessor (PID=4107) has been reaped.
Apr 27 03:30:59 switch ProcMgr-worker: %PROCMGR-6-PROCESS_STARTED: 'DhcpRelay' starting with PID=5103 (PPID=1949) -- execing '/usr/bin/DhcpRelay'
Apr 27 03:30:59 switch DhcpRelay: %AGENT-6-INITIALIZED: Agent 'DhcpRelay' initialized; pid=5103
There is no known mitigation for this issue.
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades
CVE-2023-24510 has been fixed in the following releases:
The following hotfix can be applied to remediate CVE-2023-24510. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):
Note: Installing/uninstalling the SWIX will cause the DHCP relay agent to restart
Verizon: 1.0
URL: SecurityAdvisory87_Hotfix.swix
SWIX hash:
(SHA-512)fc9051ad9a83c7b507d843bebc4964259f68ae0a7dfb4783680d44b8eda078a5f3a7041e584bc4508480197fb4f8d27da39f87c45e6f98f0d839a5240a48f71f
For instructions on installation and verification of the hotfix patch, refer to the “managing eos extensions” section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.
If you require further assistance, or if you have any further questions regarding this security notice, please contact the Arista Networks Technical Assistance Center (TAC) by one of the following methods:
By email: This email address is being protected from spambots. You need JavaScript enabled to view it.
By telephone: 408-547-5502 ; 866-476-0000
Contact information needed to open a new service request may be found at: https://www.arista.com/en/support/customer-support