AristaCVELIST:CVE-2023-24513CVE-2023-24513 On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
29.0%
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
CNA Affected
[
{
"vendor": "Arista Networks",
"product": "EOS",
"versions": [
{
"version": "4.29.0",
"status": "affected",
"lessThanOrEqual": "4.29.1F",
"versionType": "custom"
},
{
"version": "4.28.0",
"status": "affected",
"lessThanOrEqual": "4.28.5M",
"versionType": "custom"
},
{
"version": "4.27.0",
"status": "affected",
"lessThanOrEqual": "4.27.8M",
"versionType": "custom"
},
{
"version": "4.26.0",
"status": "affected",
"lessThanOrEqual": "4.26.9M",
"versionType": "custom"
}
]
}
]Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
0.001 Low
EPSS
Percentile
29.0%