cbcvebase.
CVE-2023-24545
published 2023-04-12

CVE-2023-24545: On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending…

PriorityP337high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.78%
51.1th percentile
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Affected

8 ranges
VendorProductVersion rangeFixed in
aristacloudeos>= 4.26.0 < 4.26.9m4.26.9m
aristacloudeos>= 4.27.0 < 4.27.8m4.27.8m
aristacloudeos>= 4.28.0 < 4.28.5m4.28.5m
aristacloudeos>= 4.29.0 < 4.29.2f4.29.2f
arista_networkseos4.26.8M – 4.26.8M
arista_networkseos4.27.0 – 4.27.7M
arista_networkseos4.28.0 – 4.28.4M
arista_networkseos4.29.0 – 4.29.1F
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.