CVE-2024-9448Improper Validation of Specified Quantity in Input in Networks EOS

CWE-1284Improper Validation of Specified Quantity in Input3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 49.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedMay 8

Description

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5arista_networks/eos4.33.04.33.0F+3

🔴Vulnerability Details

2
CVEList
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the r2025-05-08
GHSA
GHSA-vjv2-pp4x-76x9: On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Po2025-05-08
CVE-2024-9448 — Arista Networks EOS vulnerability | cvebase