{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24548", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2023-01-26T11:37:43.827Z", "datePublished": "2023-08-29T16:13:10.451Z", "dateUpdated": "2024-09-30T17:46:19.199Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "=4.25.0F", "status": "affected", "version": "4.25.0F", "versionType": "custom"}, {"lessThanOrEqual": "<=4.24.11M", "status": "affected", "version": "4.24.0", "versionType": "custom"}, {"lessThanOrEqual": "<=4.23.14M", "status": "affected", "version": "4.23.0", "versionType": "custom"}, {"lessThanOrEqual": "<=4.22.13M", "status": "affected", "version": "4.22.1F", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p><span style=\"background-color: transparent;\">In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:</span></p><br><p><span style=\"background-color: transparent;\">IP routing should be enabled:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">Switch&gt; show running-config section ip routing</span></p><p><span style=\"background-color: transparent;\">ip routing</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN should be configured - a sample configuration is found below:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Loopback interface configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section loopback</span></p><p><span style=\"background-color: transparent;\">interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 10.0.0.1/32</span></p><br><p><span style=\"background-color: transparent;\"># VXLAN VTEP configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vxlan</span></p><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan source-interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan udp-port 4789</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan flood vtep 10.0.0.2</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN extended VLAN or VNI must be routable - two examples are shown below:</span><span style=\"background-color: transparent;\">&nbsp;</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Overlay interface</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vlan</span></p><p><span style=\"background-color: transparent;\">vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Ethernet1/1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;switchport access vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Vlan100</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 1.0.0.1/24</span></p><br><p><span style=\"background-color: transparent;\">Interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; vxlan vlan 100 vni 100000</span></p></td></tr></tbody></table></div><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show running-config section red</span></p><p><span style=\"background-color: transparent;\">vrf instance red</span></p><p><span style=\"background-color: transparent;\">ip routing vrf red</span></p><br><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan vrf red vni 200000</span></p></td></tr></tbody></table></div><br><br><p><span style=\"background-color: transparent;\">Whether such a configuration exists can be checked as follows:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show vxlan vni</span></p><p><span style=\"background-color: transparent;\">VNI to VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; Source &nbsp; &nbsp; &nbsp; Interface &nbsp; &nbsp; &nbsp; &nbsp; 802.1Q Tag</span></p><p><span style=\"background-color: transparent;\">------------ ---------- ------------ ----------------- ----------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; static &nbsp; &nbsp; &nbsp; Ethernet1/1 &nbsp; &nbsp; &nbsp; untagged</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Vxlan1  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 100</span></p><br><p><span style=\"background-color: transparent;\">VNI to dynamic VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; VRF &nbsp; &nbsp; &nbsp; Source</span></p><p><span style=\"background-color: transparent;\">------------ ---------- --------- ------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">200000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; red &nbsp; &nbsp; &nbsp; evpn</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show vlan</span></p><p><span style=\"background-color: transparent;\">VLAN  Name &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status  &nbsp; Ports</span></p><p><span style=\"background-color: transparent;\">----- -------------------------------- --------- -------------------------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\"> &nbsp; VLAN0100 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\">* VLAN1006 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show ip interface brief</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Address</span></p><p><span style=\"background-color: transparent;\">Interface &nbsp; &nbsp; &nbsp; &nbsp; IP Address  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status &nbsp; &nbsp; &nbsp; Protocol  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MTU  &nbsp; Owner</span></p><p><span style=\"background-color: transparent;\">----------------- --------------------- ------------ -------------- ----------- -------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan100</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1.0.0.1/24  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1500</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan1006</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unassigned  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10168</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">From the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.</span></p></b><br><br>"}], "value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch> show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch> show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch> show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch> show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch> show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch> show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI  \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI  \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch> show vlan\n\nVLAN  Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status  \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active  \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active  \u00a0 Cpu, Vx1\n\n\n\nswitch> show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU  \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n"}], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">On</span> <span style=\"background-color: transparent;\">affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.</span></b><br>"}], "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"}], "impacts": [{"capecId": "CAPEC-583", "descriptions": [{"lang": "en", "value": "CAPEC-583 Disabling Network Hardware"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2023-08-29T16:13:10.451Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p><span style=\"background-color: transparent;\">The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"><span style=\"background-color: transparent;\">EOS User Manual: Upgrades and Downgrades</span></a></p><br><p><span style=\"background-color: transparent;\">CVE-2023-24548 has been fixed in the following releases:</span></p><ul><li><p><span style=\"background-color: transparent;\">4.30.0F and later releases in the 4.30.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.29.0F and later releases in the 4.29.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.28.0F and later releases in the 4.28.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.27.0F and later releases in the 4.27.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.26.0F and later releases in the 4.26.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.25.1F and later releases in the 4.25.x train</span></p></li></ul><span style=\"background-color: transparent;\">No remediation is planned for EOS software versions that are beyond their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"><span style=\"background-color: transparent;\">standard EOS support lifecycle</span></a><span style=\"background-color: transparent;\"> (i.e. 4.22, 4.23).</span></b><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n  *  4.30.0F and later releases in the 4.30.x train\n\n\n  *  4.29.0F and later releases in the 4.29.x train\n\n\n  *  4.28.0F and later releases in the 4.28.x train\n\n\n  *  4.27.0F and later releases in the 4.27.x train\n\n\n  *  4.26.0F and later releases in the 4.26.x train\n\n\n  *  4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their  standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy  (i.e. 4.22, 4.23).\n"}], "source": {"advisory": "Security Advisory 89", "defect": ["828687"], "discovery": "INTERNAL"}, "title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.</span></b><br>"}], "value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.834Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T17:34:44.954023Z", "id": "CVE-2023-24548", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:46:19.199Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24548", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2023-01-26T11:37:43.827Z", "datePublished": "2023-08-29T16:13:10.451Z", "dateUpdated": "2024-09-30T17:46:19.199Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EOS", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "=4.25.0F", "status": "affected", "version": "4.25.0F", "versionType": "custom"}, {"lessThanOrEqual": "<=4.24.11M", "status": "affected", "version": "4.24.0", "versionType": "custom"}, {"lessThanOrEqual": "<=4.23.14M", "status": "affected", "version": "4.23.0", "versionType": "custom"}, {"lessThanOrEqual": "<=4.22.13M", "status": "affected", "version": "4.22.1F", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p><span style=\"background-color: transparent;\">In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:</span></p><br><p><span style=\"background-color: transparent;\">IP routing should be enabled:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">Switch&gt; show running-config section ip routing</span></p><p><span style=\"background-color: transparent;\">ip routing</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN should be configured - a sample configuration is found below:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Loopback interface configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section loopback</span></p><p><span style=\"background-color: transparent;\">interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 10.0.0.1/32</span></p><br><p><span style=\"background-color: transparent;\"># VXLAN VTEP configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vxlan</span></p><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan source-interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan udp-port 4789</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan flood vtep 10.0.0.2</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN extended VLAN or VNI must be routable - two examples are shown below:</span><span style=\"background-color: transparent;\">&nbsp;</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Overlay interface</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vlan</span></p><p><span style=\"background-color: transparent;\">vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Ethernet1/1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;switchport access vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Vlan100</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 1.0.0.1/24</span></p><br><p><span style=\"background-color: transparent;\">Interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; vxlan vlan 100 vni 100000</span></p></td></tr></tbody></table></div><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show running-config section red</span></p><p><span style=\"background-color: transparent;\">vrf instance red</span></p><p><span style=\"background-color: transparent;\">ip routing vrf red</span></p><br><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan vrf red vni 200000</span></p></td></tr></tbody></table></div><br><br><p><span style=\"background-color: transparent;\">Whether such a configuration exists can be checked as follows:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show vxlan vni</span></p><p><span style=\"background-color: transparent;\">VNI to VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; Source &nbsp; &nbsp; &nbsp; Interface &nbsp; &nbsp; &nbsp; &nbsp; 802.1Q Tag</span></p><p><span style=\"background-color: transparent;\">------------ ---------- ------------ ----------------- ----------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; static &nbsp; &nbsp; &nbsp; Ethernet1/1 &nbsp; &nbsp; &nbsp; untagged</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Vxlan1  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 100</span></p><br><p><span style=\"background-color: transparent;\">VNI to dynamic VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; VRF &nbsp; &nbsp; &nbsp; Source</span></p><p><span style=\"background-color: transparent;\">------------ ---------- --------- ------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">200000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; red &nbsp; &nbsp; &nbsp; evpn</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show vlan</span></p><p><span style=\"background-color: transparent;\">VLAN  Name &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status  &nbsp; Ports</span></p><p><span style=\"background-color: transparent;\">----- -------------------------------- --------- -------------------------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\"> &nbsp; VLAN0100 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\">* VLAN1006 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show ip interface brief</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Address</span></p><p><span style=\"background-color: transparent;\">Interface &nbsp; &nbsp; &nbsp; &nbsp; IP Address  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status &nbsp; &nbsp; &nbsp; Protocol  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MTU  &nbsp; Owner</span></p><p><span style=\"background-color: transparent;\">----------------- --------------------- ------------ -------------- ----------- -------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan100</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1.0.0.1/24  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1500</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan1006</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unassigned  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10168</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">From the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.</span></p></b><br><br>"}], "value": "In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch> show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch> show running-config section loopback\n\ninterface Loopback0\n\n\u00a0 \u00a0ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch> show running-config section vxlan\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan source-interface Loopback0\n\n\u00a0 \u00a0vxlan udp-port 4789\n\n\u00a0 \u00a0vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below:\u00a0\n\n\n# Overlay interface\n\nswitch> show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n\u00a0 \u00a0switchport access vlan 100\n\ninterface Vlan100\n\n\u00a0 \u00a0ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n\u00a0 vxlan vlan 100 vni 100000\n\n\n\n\nswitch> show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n\u00a0 \u00a0vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch> show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI  \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 \u00a0 Interface \u00a0 \u00a0 \u00a0 \u00a0 802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000 \u00a0 \u00a0 \u00a0 100\u00a0 \u00a0 \u00a0 \u00a0 static \u00a0 \u00a0 \u00a0 Ethernet1/1 \u00a0 \u00a0 \u00a0 untagged\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Vxlan1  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI  \u00a0 \u00a0 \u00a0 \u00a0 VLAN \u00a0 \u00a0 \u00a0 VRF \u00a0 \u00a0 \u00a0 Source\n\n------------ ---------- --------- ------------\n\n200000 \u00a0 \u00a0 \u00a0 1006 \u00a0 \u00a0 \u00a0 red \u00a0 \u00a0 \u00a0 evpn\n\n\n\nswitch> show vlan\n\nVLAN  Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status  \u00a0 Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100 \u00a0 VLAN0100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active  \u00a0 Cpu, Vx1\n\n1006* VLAN1006 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active  \u00a0 Cpu, Vx1\n\n\n\nswitch> show ip interface brief\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Address\n\nInterface \u00a0 \u00a0 \u00a0 \u00a0 IP Address  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status \u00a0 \u00a0 \u00a0 Protocol  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MTU  \u00a0 Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1.0.0.1/24  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1500\n\nVlan1006\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 unassigned  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 up  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n"}], "datePublic": "2023-08-23T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">On</span> <span style=\"background-color: transparent;\">affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.</span></b><br>"}], "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"}], "impacts": [{"capecId": "CAPEC-583", "descriptions": [{"lang": "en", "value": "CAPEC-583 Disabling Network Hardware"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2023-08-29T16:13:10.451Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><p><span style=\"background-color: transparent;\">The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"><span style=\"background-color: transparent;\">EOS User Manual: Upgrades and Downgrades</span></a></p><br><p><span style=\"background-color: transparent;\">CVE-2023-24548 has been fixed in the following releases:</span></p><ul><li><p><span style=\"background-color: transparent;\">4.30.0F and later releases in the 4.30.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.29.0F and later releases in the 4.29.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.28.0F and later releases in the 4.28.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.27.0F and later releases in the 4.27.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.26.0F and later releases in the 4.26.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.25.1F and later releases in the 4.25.x train</span></p></li></ul><span style=\"background-color: transparent;\">No remediation is planned for EOS software versions that are beyond their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"><span style=\"background-color: transparent;\">standard EOS support lifecycle</span></a><span style=\"background-color: transparent;\"> (i.e. 4.22, 4.23).</span></b><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n  *  4.30.0F and later releases in the 4.30.x train\n\n\n  *  4.29.0F and later releases in the 4.29.x train\n\n\n  *  4.28.0F and later releases in the 4.28.x train\n\n\n  *  4.27.0F and later releases in the 4.27.x train\n\n\n  *  4.26.0F and later releases in the 4.26.x train\n\n\n  *  4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their  standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy  (i.e. 4.22, 4.23).\n"}], "source": {"advisory": "Security Advisory 89", "defect": ["828687"], "discovery": "INTERNAL"}, "title": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b><span style=\"background-color: transparent;\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.</span></b><br>"}], "value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:03:18.834Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-24548", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-30T17:34:44.954023Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T17:46:14.286Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9F1F226-FDB1-4452-B166-D08635DAEC5B", "versionEndIncluding": "4.22.13m", "versionStartIncluding": "4.22.1f", "vulnerable": true}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BE6AE1-4649-4E0B-A4CA-2632CD400940", "versionEndIncluding": "4.23.14m", "versionStartIncluding": "4.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2909559A-6FB4-400C-A1AE-BF2B883F4964", "versionEndIncluding": "4.24.11m", "versionStartIncluding": "4.24.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*", "matchCriteriaId": "37536357-7701-48BE-9751-9BADD8E4AAAF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FEC18B3-7980-4EBF-8E15-F8E92DADD062", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "87E85F7C-F33B-49C1-A526-ACC1BEF3B65C", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3B9CB1B-730E-45C9-A0B1-3C2F4A72A159", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E54F451-CA87-4F32-A088-AE18123CE07A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*", "matchCriteriaId": "43B967ED-2212-4558-A9AC-ACA94C94FD39", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7877C6-9DE4-4952-94D2-3A456D02CF1A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FD635FB-5EA8-4B02-894C-4C016090AAB3", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "85D9E9FF-564E-4B16-8070-33A366F48FE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC1F6DBC-212F-4E0B-B039-06955322B0D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC474A71-8D2F-4138-9D65-E2F86B0B62DC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "1943057A-5776-4B20-97C7-03CE14AEA367", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AE86A14-76ED-4427-94CC-7BF335BB9369", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*", "matchCriteriaId": "986DCBF4-E4FB-41EE-BD1B-D62A4EC7237E", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EA04EA0-170A-4B79-96B8-8F09D6FFC261", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F14163D2-B236-4C78-9DB4-97DE6D996EBC", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5A8D4-43BA-4591-BE00-00031D4BDBE3", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*", "matchCriteriaId": "8143579F-AD53-4D74-AE3E-4D465DCD7A57", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*", "matchCriteriaId": "939772F0-4352-46C1-B6D5-38FA12EBF6E1", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCDF5089-5914-4B4F-A2E6-0EB2B40698A5", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E49B089-AE52-4B47-A3B4-547D10ACED9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*", "matchCriteriaId": "26FDC60C-860F-40BD-AF13-54712B56C87F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "70658CB0-D114-40E5-866D-B21875FFF93C", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6BBA281-F67E-4D13-BDCD-E1164912EC8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3B0C0EE-3C5E-4E3E-9BAE-9D5D06A98CAB", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABAC894C-D39E-4BB2-A968-E2F23C299A29", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2C6E3F9-0191-4BC5-A89C-58BF13C195B6", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B813A1-8BD1-4AFA-95A3-5947A918E9AF", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*", "matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*", "matchCriteriaId": "9615121C-4EC0-44F5-8C00-E70271CC04A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "185E4E68-D5EF-4B7B-B1EF-7EF1B00F118C", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758", "vulnerable": false}, {"criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"}], "id": "CVE-2023-24548", "lastModified": "2024-11-21T07:48:06.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "psirt@arista.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-29T17:15:11.790", "references": [{"source": "psirt@arista.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "psirt@arista.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}