CVE-2023-24548

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 82.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arista Networks EOSArista EOS
Timeline
PublishedAug 29

Description

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDarista/eos4.22.1f4.22.13m+3
CVEListV5arista_networks/eos4.25.0F=4.25.0F+3

🔴Vulnerability Details

2
GHSA
GHSA-g69p-vmrw-qm7g: On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware2023-08-29
CVEList
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward pac2023-08-29