Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAristaCVE-2023-24548
HistoryAug 29, 2023 - 5:15 p.m.

CVE-2023-24548

2023-08-2917:15:11
CWE-120
Arista
web.nvd.nist.gov
51
arista
eos
vxlan
vulnerability
nvd
cve-2023-24548

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0

Percentile

12.7%

JSON

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Affected configurations

Nvd
Node
arista7280cr3-32d4Match-
OR
arista7280cr3-32p4Match-
OR
arista7280cr3-36sMatch-
OR
arista7280cr3-96Match-
OR
arista7280cr3a-24d12Match-
OR
arista7280cr3a-48d6Match-
OR
arista7280cr3a-72Match-
OR
arista7280dr3-24Match-
OR
arista7280dr3a-36Match-
OR
arista7280dr3a-54Match-
OR
arista7280dr3ak-36Match-
OR
arista7280dr3ak-54Match-
OR
arista7280dr3am-36Match-
OR
arista7280dr3am-54Match-
OR
arista7280pr3-24Match-
OR
arista7280r3Match-
OR
arista7280sr3-40yc6Match-
OR
arista7280sr3-48yc8Match-
OR
arista7280tr3-40c6Match-
OR
arista7500r3-24dMatch-
OR
arista7500r3-24pMatch-
OR
arista7500r3-36cqMatch-
OR
arista7500r3k-36cqMatch-
OR
arista7500r3k-48y4dMatch-
OR
arista7504r3Match-
OR
arista7508r3Match-
OR
arista7512r3Match-
OR
arista7800r3-36dMatch-
OR
arista7800r3-36pMatch-
OR
arista7800r3-48cqMatch-
OR
arista7800r3a-36dMatch-
OR
arista7800r3a-36dmMatch-
OR
arista7800r3a-36pMatch-
OR
arista7800r3a-36pmMatch-
OR
arista7800r3ak-36dmMatch-
OR
arista7800r3ak-36pmMatch-
OR
arista7800r3k-36dmMatch-
OR
arista7800r3k-48cqMatch-
OR
arista7800r3k-48cqmsMatch-
OR
arista7800r3k-72y7512r3Match-
OR
arista7808r3Match-
OR
arista7812r3Match-
OR
arista7816r3Match-
AND
aristaeosRange4.22.1f4.22.13m
OR
aristaeosRange4.23.04.23.14m
OR
aristaeosRange4.24.04.24.11m
OR
aristaeosMatch4.25.0f
VendorProductVersionCPE
arista7280cr3-32d4-cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*
arista7280cr3-32p4-cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*
arista7280cr3-36s-cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*
arista7280cr3-96-cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*
arista7280cr3a-24d12-cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*
arista7280cr3a-48d6-cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*
arista7280cr3a-72-cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*
arista7280dr3-24-cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*
arista7280dr3a-36-cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*
arista7280dr3a-54-cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 451

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "=4.25.0F",
        "status": "affected",
        "version": "4.25.0F",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "<=4.24.11M",
        "status": "affected",
        "version": "4.24.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "<=4.23.14M",
        "status": "affected",
        "version": "4.23.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "<=4.22.13M",
        "status": "affected",
        "version": "4.22.1F",
        "versionType": "custom"
      }
    ]
  }
]

Related

arista 1
nvd 1
prion 1
cvelist 1
arista
arista
Security Advisory 0089
2023-08-23 00:00:00
nvd
nvd
CVE-2023-24548
2023-08-29 17:15:11
prion
prion
Design/Logic Flaw
2023-08-29 17:15:00
cvelist
cvelist
CVE-2023-24548 On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets
2023-08-29 16:13:10

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0

Percentile

12.7%

JSON
Related for CVE-2023-24548
arista1nvd1prion1cvelist1