CVE-2023-24548

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-24548

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

O

n affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

References
Link Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089 Exploit Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089 Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*
OR cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 5.3
References () https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089 - Exploit, Vendor Advisory () https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089 - Exploit, Vendor Advisory
Information

Published : 2023-08-29 17:15

Updated : 2024-11-21 07:48

NVD link : CVE-2023-24548

Mitre link : CVE-2023-24548

CVE.ORG link : CVE-2023-24548

JSON object : View

Products Affected

arista

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')