CVE-2024-5872 On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.

🗓️ 10 Jan 2025 20:25:53Reported by AristaType

VLAN tag issue in Arista EOS causes control plane disruption on affected platforms.

Reporter	Title	Published	Views	Family All 7
Arista	Security Advisory 0106	19 Nov 202400:00	–	arista
Circl	CVE-2024-5872	10 Jan 202520:34	–	circl
CNNVD	Arista EOS 安全漏洞	10 Jan 202500:00	–	cnnvd
CVE	CVE-2024-5872	10 Jan 202520:25	–	cve
EUVD	EUVD-2024-47159	3 Oct 202520:07	–	euvd
NVD	CVE-2024-5872	10 Jan 202521:15	–	nvd
Vulnrichment	CVE-2024-5872 On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.	10 Jan 202520:25	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "4.32.2F",
        "status": "affected",
        "version": "4.32.0F",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.31.4M",
        "status": "affected",
        "version": "4.31.0M",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.30.7M",
        "status": "affected",
        "version": "4.30.0M",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.29.8M",
        "status": "affected",
        "version": "4.29.0M",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.28.11F",
        "status": "affected",
        "version": "4.28.1F",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
arista	www.arista.com/en/support/advisories-notices/security-advisory/20649-security-advisory-0106

10 Jan 2025 20:25Current

CVSS 3.16.5

EPSS0.00137