CVE-2023-24545Uncontrolled Resource Consumption in Cloudeos

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arista CloudeosArista Networks EOS
Timeline
PublishedApr 12

Description

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDarista/cloudeos4.26.04.26.9m+3
CVEListV5arista_networks/eos4.29.04.29.1F+3

Patches

Patch: www.arista.comPatch: www.arista.com

🔴Vulnerability Details

2
CVEList
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.2023-04-12
GHSA
GHSA-mrmx-x4x8-wq2c: On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sen2023-04-12
CVE-2023-24545 — Uncontrolled Resource Consumption | cvebase