First published: Wed Apr 12 2023(Updated: )
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista CloudEOS | >=4.26.0<4.26.9m | |
Arista CloudEOS | >=4.27.0<4.27.8m | |
Arista CloudEOS | >=4.28.0<4.28.5m | |
Arista CloudEOS | >=4.29.0<4.29.2f | |
Amazon Aws Marketplace | ||
Equinix Network Edge | ||
Google Google Cloud Platform Marketplace | ||
Microsoft Azure Marketplace | ||
Arista Dca-200-veos |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-24513 is a vulnerability in Arista CloudEOS that can lead to a potential denial of service attack by sending malformed packets to the switch.
CVE-2023-24513 has a severity rating of 7.5 (High).
Arista CloudEOS versions 4.26.0 to 4.29.2f are affected by CVE-2023-24513.
CVE-2023-24513 exploits an issue in the Software Forwarding Engine (Sfe) of Arista CloudEOS, causing a leak of packet buffers when receiving malformed packets.
No, Amazon AWS Marketplace is not affected by CVE-2023-24513.