CVE-2023-24511: On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.
First published: Wed Apr 12 2023(Updated: )
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista EOS | >=4.26.0<4.26.10m | |
| Arista EOS | >=4.27.0<4.27.9m | |
| Arista EOS | >=4.28.0<4.28.6m | |
| Arista EOS | >=4.29.0<4.29.2f | |
| Arista Ceos | ||
| Arista CloudEOS | ||
| Arista Veos | ||
| Arista 7010t-48 | ||
| Arista 7010t | ||
| Arista DCS-7010TX-48 | ||
| Arista DCS-7010TX-48 | ||
| Arista 7020sr-24c2 | ||
| Arista 7020sr-32c2 | ||
| Arista 7020tra-48 | ||
| Arista 7020tra-48 | ||
| Arista DCS-7050CX3-32S | ||
| Arista Dcs-7050cx3m-32s | ||
| Arista 7050qx-32s | ||
| Arista 7050qx2-32s | ||
| Arista 7050SX-128 | ||
| Arista 7050sx-64 | ||
| Arista 7050sx2-72q | ||
| Arista 7050SX2 series | ||
| Arista 7050sx2-72q | ||
| Arista DCS-7050SX3-48C8 | ||
| Arista 7050SX3-48YC | ||
| Arista DCS-7050SX3-48YC12 | ||
| Arista Dcs-7050sx3-48yc8 | ||
| Arista DCS-7050SX3-96YC8 | ||
| Arista 7050TX-48 | ||
| Arista 7050tx-64 | ||
| Arista 7050tx-72q | ||
| Arista 7050TX2-128 | ||
| Arista Dcs-7050tx3-48c8 | ||
| Arista 7060cx2-32s | ||
| Arista 7060cx2-32s | ||
| Arista 7060dx4-32 | ||
| Arista 7060px4-32 | ||
| Arista 7060sx2-48yc6 | ||
| Arista 7150s-24 | ||
| Arista 7150s-52 | ||
| Arista 7150 Series | ||
| Arista 7150sc-24 | ||
| Arista 7150sc-64 | ||
| Arista 7160-32cq | ||
| Arista 7160-48tc6 | ||
| Arista 7160-48yc6 | ||
| Arista 7170-32cd | ||
| Arista 7170-32cd | ||
| Arista 7170b-64c | ||
| Arista 7170b-64c | ||
| Arista 720df-48y | ||
| Arista 720dp-24s | ||
| Arista 720dp-48s | ||
| Arista 720dt-24s | ||
| Arista 720dt-48s | ||
| Arista 720dt-48y | ||
| Arista Ccs-720xp-24y6 | ||
| Arista Ccs-720xp-24zy4 | ||
| Arista Ccs-720xp-48y6 | ||
| Arista Ccs-720xp-48zc2 | ||
| Arista 720xp-96zc2 | ||
| Arista CCS-722XPM-48Y4 | ||
| Arista Ccs-722xpm-48zy8 | ||
| Arista 7250qx-64 | ||
| Arista 7260cx | ||
| Arista 7260cx3-64 | ||
| Arista 7260cx3 | ||
| Arista 7260qx | ||
| Arista 7260qx | ||
| Arista 7280CR2AK-30 | ||
| Arista 7280CR2K-60 | ||
| Arista 7280CR3K-32D4 | ||
| Arista 7280CR3K-32P4 | ||
| Arista 7280CR3-96 | ||
| Arista 7280CR3K-32D4 | ||
| Arista 7280CR3K-32P4 | ||
| Arista 7280CR3K-96 | ||
| Arista 7280DR3K-24 | ||
| Arista 7280DR3K-24 | ||
| Arista 7280e | ||
| Arista 7280PR3K-24 | ||
| Arista 7280PR3K-24 | ||
| Arista 7280R Series | ||
| Arista 7280R2 | ||
| Arista 7280R Series | ||
| Arista 7280SR3-48YC8 | ||
| Arista 7280SR3K-48YC8 | ||
| Arista 7300x-32q | ||
| Arista 7300X Series | ||
| Arista 7300x-64t | ||
| Arista 7300x3-32c | ||
| Arista 7300X3-48YC4 | ||
| Arista 7304 | ||
| Arista 7308x3 | ||
| Arista 7316 | ||
| Arista 7320x-32c | ||
| Arista 7368x4 | ||
| Arista 7388x5 | ||
| Arista DCS-7500E-6C2-LC | ||
| Arista 7500 Series | ||
| Arista 7500 Series | ||
| Arista 7500R Series | ||
| Arista 7500 Series | ||
| Arista 7500R Series Switch | ||
| Arista 7500R series | ||
| Arista 7500R series | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista 7800 Series | ||
| Arista CCS-750X-48THP | ||
| Arista CCS-750X-48THP | ||
| Arista CCS-750X-48ZP | ||
| Arista Ccs-750x-48zxp |
Remedy
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084
Remedy
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades CVE-2023-24511 has been fixed in the following releases: 4.29.2F and later releases in the 4.29.x train 4.28.6M and later releases in the 4.28.x train 4.27.9M and later releases in the 4.27.x train 4.26.10M and later releases in the 4.26.x train
Remedy
The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: 4.29.1F and below releases in the 4.29.x train 4.28.5.1M and below releases in the 4.28.x train 4.27.8.1M and below releases in the 4.27.x train 4.26.9M and below releases in the 4.26.x train Note: Installing/uninstalling the SWIX will cause the snmpd process to restart Version: 1.0 URL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix SWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix (SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-24511?
CVE-2023-24511 is rated as a medium severity vulnerability due to its potential to cause memory leaks and disrupt SNMP services.
How do I fix CVE-2023-24511?
To fix CVE-2023-24511, upgrade to a version of Arista EOS above 4.29.2f or the specified patched versions in their advisory.
What systems are affected by CVE-2023-24511?
CVE-2023-24511 affects Arista EOS versions 4.26.0 through 4.26.10m, 4.27.0 through 4.27.9m, 4.28.0 through 4.28.6m, and up to 4.29.2f.
What impact does CVE-2023-24511 have?
CVE-2023-24511 can lead to a memory leak in the snmpd process, causing SNMP requests to time out until the process is restarted.
Is there a workaround for CVE-2023-24511?
There is no official workaround for CVE-2023-24511; upgrading to a patched version is the recommended mitigation.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/title
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/arista
- canonical/arista eos
- version/arista eos/4.26.0
- version/arista eos/4.27.0
- version/arista eos/4.28.0
- version/arista eos/4.29.0
- canonical/arista ceos
- canonical/arista cloudeos
- canonical/arista veos
- canonical/arista 7010t-48
- canonical/arista 7010t
- canonical/arista dcs-7010tx-48
- canonical/arista 7020sr-24c2
- canonical/arista 7020sr-32c2
- canonical/arista 7020tra-48
- canonical/arista dcs-7050cx3-32s
- canonical/arista dcs-7050cx3m-32s
- canonical/arista 7050qx-32s
- canonical/arista 7050qx2-32s
- canonical/arista 7050sx-128
- canonical/arista 7050sx-64
- canonical/arista 7050sx2-72q
- canonical/arista 7050sx2 series
- canonical/arista dcs-7050sx3-48c8
- canonical/arista 7050sx3-48yc
- canonical/arista dcs-7050sx3-48yc12
- canonical/arista dcs-7050sx3-48yc8
- canonical/arista dcs-7050sx3-96yc8
- canonical/arista 7050tx-48
- canonical/arista 7050tx-64
- canonical/arista 7050tx-72q
- canonical/arista 7050tx2-128
- canonical/arista dcs-7050tx3-48c8
- canonical/arista 7060cx2-32s
- canonical/arista 7060dx4-32
- canonical/arista 7060px4-32
- canonical/arista 7060sx2-48yc6
- canonical/arista 7150s-24
- canonical/arista 7150s-52
- canonical/arista 7150 series
- canonical/arista 7150sc-24
- canonical/arista 7150sc-64
- canonical/arista 7160-32cq
- canonical/arista 7160-48tc6
- canonical/arista 7160-48yc6
- canonical/arista 7170-32cd
- canonical/arista 7170b-64c
- canonical/arista 720df-48y
- canonical/arista 720dp-24s
- canonical/arista 720dp-48s
- canonical/arista 720dt-24s
- canonical/arista 720dt-48s
- canonical/arista 720dt-48y
- canonical/arista ccs-720xp-24y6
- canonical/arista ccs-720xp-24zy4
- canonical/arista ccs-720xp-48y6
- canonical/arista ccs-720xp-48zc2
- canonical/arista 720xp-96zc2
- canonical/arista ccs-722xpm-48y4
- canonical/arista ccs-722xpm-48zy8
- canonical/arista 7250qx-64
- canonical/arista 7260cx
- canonical/arista 7260cx3-64
- canonical/arista 7260cx3
- canonical/arista 7260qx
- canonical/arista 7280cr2ak-30
- canonical/arista 7280cr2k-60
- canonical/arista 7280cr3k-32d4
- canonical/arista 7280cr3k-32p4
- canonical/arista 7280cr3-96
- canonical/arista 7280cr3k-96
- canonical/arista 7280dr3k-24
- canonical/arista 7280e
- canonical/arista 7280pr3k-24
- canonical/arista 7280r series
- canonical/arista 7280r2
- canonical/arista 7280sr3-48yc8
- canonical/arista 7280sr3k-48yc8
- canonical/arista 7300x-32q
- canonical/arista 7300x series
- canonical/arista 7300x-64t
- canonical/arista 7300x3-32c
- canonical/arista 7300x3-48yc4
- canonical/arista 7304
- canonical/arista 7308x3
- canonical/arista 7316
- canonical/arista 7320x-32c
- canonical/arista 7368x4
- canonical/arista 7388x5
- canonical/arista dcs-7500e-6c2-lc
- canonical/arista 7500 series
- canonical/arista 7500r series
- canonical/arista 7500r series switch
- canonical/arista 7800 series
- canonical/arista ccs-750x-48thp
- canonical/arista ccs-750x-48zp
- canonical/arista ccs-750x-48zxp