First published: Thu Apr 13 2023
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.23 <=4.23.13m | |
Arista EOS | >=4.24.0 <4.24.11m | |
Arista EOS | >=4.25.0 <4.25.10m | |
Arista EOS | >=4.26.0 <4.26.9m | |
Arista EOS | >=4.27.0 <4.27.7m | |
Arista EOS | >=4.28.0 <4.28.4m | |
Arista 704x3 | | |
Arista 7304x | | |
Arista 7304x3 | | |
Arista 7308x | | |
Arista 7316x | | |
Arista 7324x | | |
Arista 7328x | | |
Arista 7504r | | |
Arista 7504r3 | | |
Arista 7508r | | |
Arista 7508r3 | | |
Arista 7512r | | |
Arista 7512r3 | | |
Arista 7516r | | |
Arista 755x | | |
Arista 758x | | |
Arista 7804r3 | | |
Arista 7808r3 | | |
Arista 7812r3 | | |
Arista 7816r3 | | |
The severity of CVE-2023-24509 is critical, with a CVSS score of 7.8.
CVE-2023-24509 allows an unprivileged user to escalate privileges and log in as a root user on affected Arista EOS platforms with redundant supervisor modules and RPR or SSO configured.
Arista EOS versions 4.23 to 4.28.4m are affected by CVE-2023-24509.
To mitigate CVE-2023-24509, upgrade to a fixed version of Arista EOS, such as 4.29 or later.
More information about CVE-2023-24509 can be found in the Arista Security Advisory 0082 at https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082.