CVE-2023-24513

CVSS V2 None CVSS V3 None
Description
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
Overview
  • CVE ID
  • CVE-2023-24513
  • Assigner
  • psirt@arista.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-12T20:15:07
  • Last Modified Date
  • 2023-04-24T16:00:57
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 1 OR 4.26.0 4.26.9m
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 1 OR 4.27.0 4.27.8m
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 1 OR 4.28.0 4.28.5m
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 1 OR 4.29.0 4.29.2f
cpe:2.3:a:amazon:aws_marketplace:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:equinix:network_edge:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:google:google_cloud_platform_marketplace:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:microsoft:azure_marketplace:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:arista:dca-200-veos:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2023-04-17 04:37:27 Added to TrackCVE
2023-04-17 04:37:29 Weakness Enumeration new
2023-04-18 15:00:18 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-24 17:00:43 2023-04-24T16:00:57 CVE Modified Date updated
2023-04-24 17:00:43 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-24 17:00:49 Weakness Enumeration update
2023-04-24 17:00:52 CPE Information updated