CVE-2023-24513

CVE Database · CVE-2023-24513

CVE-2023-24513

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.68%

Published

Apr 12, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Weaknesses (CWE)

CWE-126CWE-125

Affected Products (9)

arista · cloudeos (up to 4.26.9m)vulnerable

arista · cloudeos (up to 4.27.8m)vulnerable

arista · cloudeos (up to 4.28.5m)vulnerable

arista · cloudeos (up to 4.29.2f)vulnerable

amazon · aws_marketplace

equinix · network_edge

google · google_cloud_platform_marketplace

microsoft · azure_marketplace

arista · dca-200-veos

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085

ExploitPatchVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisory/17240-security-advisory-0085

ExploitPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs