8.8
CWE
863 284
Advisory Published
Updated

CVE-2023-24512

First published: Tue Apr 25 2023(Updated: )

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

Credit: psirt@arista.com

Affected SoftwareAffected VersionHow to fix
Arista EOS>=4.26.0<4.26.10m
Arista EOS>=4.27.0<4.27.9m
Arista EOS>=4.28.0<4.28.6m
Arista EOS>=4.29.0<4.29.2f
Arista 32qd
Arista 48ehs
Arista 48lbas
Arista 48lbs
Arista 48s6qd
Arista 7010t-48
Arista 7020sr-24c2
Arista 7020sr-32c2
Arista 7020tr-48
Arista 7020tra-48
Arista 7050cx3-32s
Arista 7050cx3m-32s
Arista 7050qx-32s
Arista 7050qx2-32s
Arista 7050sx-128
Arista 7050sx-64
Arista 7050sx-72q
Arista 7050sx2-128
Arista 7050sx2-72q
Arista 7050sx3-48c8
Arista 7050sx3-48yc
Arista 7050sx3-48yc12
Arista 7050sx3-48yc8
Arista 7050sx3-96yc8
Arista 7050tx-48
Arista 7050tx-64
Arista 7050tx-72q
Arista 7050tx2-128
Arista 7050tx3-48c8
Arista 7060cx-32s
Arista 7060cx2-32s
Arista 7060dx4-32
Arista 7060px4-32
Arista 7060sx2-48yc6
Arista 7130-16g3s
Arista 7130-48g3s
Arista 7130-96s
Arista 7150s-24
Arista 7150s-52
Arista 7150s-64
Arista 7150sc-24
Arista 7150sc-64
Arista 7160-32cq
Arista 7160-48tc6
Arista 7160-48yc6
Arista 7170-32c
Arista 7170-32cd
Arista 7170-64c
Arista 7170b-64c
Arista 720df-48y
Arista 720dp-24s
Arista 720dp-48s
Arista 720dt-24s
Arista 720dt-48s
Arista 720xp-24y6
Arista 720xp-24zy4
Arista 720xp-48y6
Arista 720xp-48zc2
Arista 720xp-96zc2
Arista 7250qx-64
Arista 7260cx
Arista 7260cx3
Arista 7260qx
Arista 7260sx2
Arista 7280cr2k-60
Arista 7280cr3-32d4
Arista 7280cr3-32p4
Arista 7280cr3-96
Arista 7280cr3k-32d4
Arista 7280cr3k-32p4
Arista 7280cr3k-96
Arista 7280dr3-24
Arista 7280dr3k-24
Arista 7280e
Arista 7280pr3-24
Arista 7280pr3k-24
Arista 7280sr3-48yc8
Arista 7280sr3k-48yc8
Arista 7300x-32q
Arista 7300x-64s
Arista 7300x-64t
Arista 7300x3-32c
Arista 7300x3-48yc4
Arista 7320x-32c
Arista 7358x4
Arista 7368x4
Arista 7388x5
Arista 7500r3-24d
Arista 7500r3-24p
Arista 7500r3-36cq
Arista 7500r3k-36cq
Arista 7804r3
Arista 7808r3
Arista 7812r3
Arista 7816r3
Arista 96lbs
Arista Dcs-7010tx-48
Arista Dcs-7500-12cq-lc
Arista Dcs-7500e-12cm-lc
Arista Dcs-7500e-36q-lc
Arista Dcs-7500e-48s-lc
Arista Dcs-7500e-6c2-lc
Arista Dcs-7500e-72s-lc
Arista Dcs-7500r-36cq-lc
Arista Dcs-7500r-36q-lc
Arista Dcs-7500r-48s2cq-lc
Arista Ceos-lab
Arista CloudEOS
Arista Veos-lab

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203