CVSS score: 7.5 (high)
CWE: CWE-400 (Uncontrolled Resource Consumption)

CVE-2023-24545: On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.

First published: Wed Apr 12 2023

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Credit: psirt@arista.com

Affected Software      Affected Version           How to fix
Arista CloudEOS        >=4.26.0 and <4.26.9M      upgrade to 4.26.9M or later in the 4.26.x train
Arista CloudEOS        >=4.27.0 and <4.27.8M      upgrade to 4.27.8M or later in the 4.27.x train
Arista CloudEOS        >=4.28.0 and <4.28.5M      upgrade to 4.28.5M or later in the 4.28.x train
Arista CloudEOS        >=4.29.0 and <4.29.2F      upgrade to 4.29.2F or later in the 4.29.x train
Arista DCA-200-vEOS    (no version range given)   see the vendor advisory

Remedy

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends that customers move to the latest version of each release train, which contains all of the fixes listed below. CVE-2023-24545 has been fixed in the following releases:

  • 4.29.2F and later releases in the 4.29.x train
  • 4.28.5M and later releases in the 4.28.x train
  • 4.27.8M and later releases in the 4.27.x train
  • 4.26.9M and later releases in the 4.26.x train
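A practitioner with a fleet of CloudEOS instances usually wants the version table above turned into a check that can run over an inventory. The script below is an added example, not Arista's or SecAlerts' code: it encodes the advisory's affected ranges and fixed releases, parses a running version string, and reports whether the instance is inside an affected range and which release closes it. The version-string grammar it accepts (dotted numeric components such as 4.28.3M, 4.29.1F or 4.27.3.1M, followed by a train letter that does not take part in ordering) and the rule that the first two components name the train are assumptions, not something the advisory states.

```python
"""Classify a running Arista CloudEOS version against CVE-2023-24545.

Added example, not Arista's or SecAlerts' code.  The affected ranges and the
fixed releases come from the advisory table above.  Assumptions: version
strings look like "4.28.3M", "4.29.1F" or "4.27.3.1M" (dotted numeric
components followed by a train letter), and the first two components name
the release train.
"""
import re
from typing import Dict, Tuple

# train -> (first affected release, fixed release), per the advisory.
AFFECTED_RANGES: Dict[Tuple[int, int], Tuple[str, str]] = {
    (4, 26): ("4.26.0", "4.26.9M"),
    (4, 27): ("4.27.0", "4.27.8M"),
    (4, 28): ("4.28.0", "4.28.5M"),
    (4, 29): ("4.29.0", "4.29.2F"),
}

# Assumed grammar: major.minor.maint[.sub][letter]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z]*)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '4.28.4.1M' into (4, 28, 4, 1); the train letter is ignored for ordering."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised EOS version string: {version!r}")
    major, minor, maint, sub, _letter = m.groups()
    return (int(major), int(minor), int(maint), int(sub or 0))


def assess(version: str) -> Dict[str, object]:
    """Return {'affected': bool, 'fixed_release': str or None, 'reason': str}."""
    parsed = parse_version(version)
    train = (parsed[0], parsed[1])
    if train not in AFFECTED_RANGES:
        return {
            "affected": False,
            "fixed_release": None,
            "reason": f"{train[0]}.{train[1]}.x is not a train listed in the advisory",
        }
    first, fixed = AFFECTED_RANGES[train]
    # Affected means: first affected release <= running version < fixed release.
    if parse_version(first) <= parsed < parse_version(fixed):
        return {
            "affected": True,
            "fixed_release": fixed,
            "reason": f"{version} is in [{first}, {fixed}); upgrade to {fixed} or later",
        }
    return {
        "affected": False,
        "fixed_release": fixed,
        "reason": f"{version} is at or above the fixed release {fixed}",
    }


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for v in ("4.28.3M", "4.28.5M", "4.29.1F", "4.29.2F", "4.27.3.1M", "4.25.4M"):
        r = assess(v)
        print(f"{v:10} affected={str(r['affected']):5} {r['reason']}")
```

Note that a train the advisory does not list (4.25.x in the sample) is reported as "not listed" rather than "safe"; the advisory only enumerates the four trains above, and the DCA-200-vEOS entry carries no version range at all, so an unlisted train is a question for the vendor advisory rather than a clean result.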

Remedy (hotfix)

The following hotfixes can be applied to remediate both CVE-2023-24545 and CVE-2023-24513. Due to the size of the hotfixes, there are multiple files; each hotfix applies to a specific set of release trains.

Note: Installing or uninstalling the SWIX will cause the Sfe agent to restart and stop forwarding traffic for up to 10 seconds. Verify the SHA-512 of each file against the published hash before installing it; a release already at or above the fixed version for its train does not need the hotfix.

  • 4.29.1F and below releases in the 4.29.x train:
    URL: SecurityAdvisory85_4.29_Hotfix.swix
    SWIX Hash (SHA-512): c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4

  • 4.28.5M and below releases in the 4.28.x train:
    URL: SecurityAdvisory85_4.28_Hotfix.swix
    SWIX Hash (SHA-512): 522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c81468960fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079

  • 4.27.8M and below releases in the 4.27.x train:
    URL: SecurityAdvisory85_4.27_Hotfix.swix
    SWIX Hash (SHA-512): 5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2

  • 4.26.9M and below releases in the 4.26.x train:
    URL: SecurityAdvisory85_4.26_Hotfix.swix
    SWIX Hash (SHA-512): 9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2
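The published SHA-512 digests are only useful if they are actually compared against the file before it is copied to a switch, and a hotfix for the wrong train is an easy mistake when four near-identical files are in play. The script below is an added example, not Arista's tooling: it keeps the advisory's file names and digests keyed by train, picks the right pair for a running version, and checks a downloaded SWIX with a constant-time digest comparison. The rule that the first two dotted components of a version string name the train (4.28 for 4.28.3M), and the local file path, are assumptions; the sample bytes in the usage block are constructed and are not a real SWIX.

```python
"""Verify a downloaded hotfix SWIX against the SHA-512 published in the advisory.

Added example, not Arista's tooling.  The file names and digests are copied
from the advisory above.  Assumptions: the first two dotted components of a
version string name the train, and the file is read from a local path.
"""
import hashlib
import hmac
from pathlib import Path
from typing import Dict, Tuple

# train -> (hotfix file name, expected SHA-512 hex digest), per the advisory.
HOTFIX_HASHES: Dict[str, Tuple[str, str]] = {
    "4.29": ("SecurityAdvisory85_4.29_Hotfix.swix",
             "c965e149cbbaa8698648af9290c5a728e9fe635186eee7629b789502ef37db4a"
             "94beea5ecd20e1dc8a19c2cc8988052b625cfccf764c28b8b0e9e4eef8e79bb4"),
    "4.28": ("SecurityAdvisory85_4.28_Hotfix.swix",
             "522d51c6548111d9819ef8b1523b8798ac6847012955e3f885c6f466c8146896"
             "0fbd4497b45289c8f77297263111340fbdbd7003a30b64e3ef9a270ace62c079"),
    "4.27": ("SecurityAdvisory85_4.27_Hotfix.swix",
             "5ce5479c11abf185f50d484204555b2dfb9b1c93e8f475d027082ca0951cbfca"
             "0f331960a1dd111b8c079264b1dab31b0a62c8daf011afb27b1283c2382747a2"),
    "4.26": ("SecurityAdvisory85_4.26_Hotfix.swix",
             "9386f12a24f35679bdeb08d506bf0bddb9703d1ef3043de2c06d09ff47f2dd0d"
             "1bd7aca0748febb5b04fbdeaed7c4ae2922086fb638c754c3a9a5384306396d2"),
}


def train_of(version: str) -> str:
    """'4.28.3M' -> '4.28' (assumption: the first two components name the train)."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not (parts[0].isdigit() and parts[1].isdigit()):
        raise ValueError(f"unrecognised EOS version string: {version!r}")
    return f"{parts[0]}.{parts[1]}"


def expected_for(version: str) -> Tuple[str, str]:
    """Return (hotfix file name, expected digest) for the train of `version`.

    Raises KeyError for a train the advisory publishes no hotfix for.
    """
    train = train_of(version)
    if train not in HOTFIX_HASHES:
        raise KeyError(f"no hotfix published for the {train}.x train")
    return HOTFIX_HASHES[train]


def sha512_hex(data: bytes) -> str:
    """Hex SHA-512 of an in-memory blob."""
    return hashlib.sha512(data).hexdigest()


def verify_hotfix_bytes(version: str, data: bytes) -> bool:
    """True only if `data` hashes to the digest published for this version's train."""
    _name, expected = expected_for(version)
    # compare_digest avoids leaking where the mismatch is via timing.
    return hmac.compare_digest(sha512_hex(data), expected)


def verify_hotfix_file(version: str, path: str) -> bool:
    """Read the downloaded SWIX from disk and verify it for `version`."""
    return verify_hotfix_bytes(version, Path(path).read_bytes())


if __name__ == "__main__":
    # Constructed stand-in bytes; a real run would pass the downloaded SWIX path
    # to verify_hotfix_file() and refuse to copy the file to the switch on False.
    sample = b"constructed stand-in, not a real SWIX"
    name, _ = expected_for("4.28.3M")
    ok = verify_hotfix_bytes("4.28.3M", sample)
    print(f"{name}: digest matches published hash: {ok}")
```

The check belongs at the point where the file leaves the trusted host, immediately before the copy to flash, so that a corrupted or substituted download never reaches an installer that will restart the Sfe agent. A mismatch on a file named for the wrong train is reported the same way as a tampered file, which is the intended behaviour: neither should be installed.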


Frequently Asked Questions

  • What is CVE-2023-24545?

    CVE-2023-24545 is a vulnerability in Arista CloudEOS that can lead to a denial of service attack by sending malformed packets to the switch.

  • What is the severity of CVE-2023-24545?

    CVE-2023-24545 has a severity rating of 7.5 (high).

  • Which software platforms are affected by CVE-2023-24545?

    Affected platforms include Arista CloudEOS releases from 4.26.0 up to but not including 4.26.9M, from 4.27.0 up to but not including 4.27.8M, from 4.28.0 up to but not including 4.28.5M, and from 4.29.0 up to but not including 4.29.2F. The Arista DCA-200-vEOS platform is also listed, without a version range.

  • How does CVE-2023-24545 cause a denial of service attack?

    On affected platforms, each malformed packet handled by the Software Forwarding Engine (Sfe) leaks a packet buffer. If enough malformed packets are received, the leaked buffers accumulate and the switch may eventually stop forwarding traffic.

  • How can I fix CVE-2023-24545?

    To mitigate the vulnerability, it is recommended to update Arista CloudEOS to a patched version as specified in the vendor's security advisory.

© 2024 SecAlerts Pty Ltd.