CVE-2024-5872

3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 66.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedJan 10

Description

On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

CVEListV5arista_networks/eos4.32.0F4.32.2F+4

🔴Vulnerability Details

2
CVEList
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as rou2025-01-10
GHSA
GHSA-wq57-x73w-8875: On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control2025-01-10
CVE-2024-5872 (MEDIUM CVSS 6.5) | On affected platforms running Arist | cvebase.io