First published: Tue Aug 29 2023(Updated: )
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
Credit: psirt@arista.com psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.22.1f<=4.22.13m | |
Arista EOS | >=4.23.0<=4.23.14m | |
Arista EOS | >=4.24.0<=4.24.11m | |
Arista EOS | =4.25.0f | |
Arista 7280cr3-32d4 | ||
Arista 7280cr3-32p4 | ||
Arista 7280cr3-36s | ||
Arista 7280cr3-96 | ||
Arista 7280cr3a-24d12 | ||
Arista 7280cr3a-48d6 | ||
Arista 7280cr3a-72 | ||
Arista 7280dr3-24 | ||
Arista 7280dr3a-36 | ||
Arista 7280dr3a-54 | ||
Arista 7280dr3ak-36 | ||
Arista 7280dr3ak-54 | ||
Arista 7280dr3am-36 | ||
Arista 7280dr3am-54 | ||
Arista 7280pr3-24 | ||
Arista 7280r3 | ||
Arista 7280sr3-40yc6 | ||
Arista 7280sr3-48yc8 | ||
Arista 7280tr3-40c6 | ||
Arista 7500r3-24d | ||
Arista 7500r3-24p | ||
Arista 7500r3-36cq | ||
Arista 7500r3k-36cq | ||
Arista 7500r3k-48y4d | ||
Arista 7504r3 | ||
Arista 7508r3 | ||
Arista 7512r3 | ||
Arista 7800r3-36d | ||
Arista 7800r3-36p | ||
Arista 7800r3-48cq | ||
Arista 7800r3a-36d | ||
Arista 7800r3a-36dm | ||
Arista 7800r3a-36p | ||
Arista 7800r3a-36pm | ||
Arista 7800r3ak-36dm | ||
Arista 7800r3ak-36pm | ||
Arista 7800r3k-36dm | ||
Arista 7800r3k-48cq | ||
Arista 7800r3k-48cqms | ||
Arista 7800r3k-72y7512r3 | ||
Arista 7808r3 | ||
Arista 7812r3 | ||
Arista 7816r3 |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2023-24548 has been fixed in the following releases: * 4.30.0F and later releases in the 4.30.x train * 4.29.0F and later releases in the 4.29.x train * 4.28.0F and later releases in the 4.28.x train * 4.27.0F and later releases in the 4.27.x train * 4.26.0F and later releases in the 4.26.x train * 4.25.1F and later releases in the 4.25.x train No remediation is planned for EOS software versions that are beyond their standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy (i.e. 4.22, 4.23).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-24548.
The severity level of CVE-2023-24548 is medium (6.5).
Platforms running Arista EOS with VXLAN configured are affected.
CVE-2023-24548 can be exploited by sending malformed or truncated packets over a VXLAN tunnel.
Yes, remediation measures need to be put in place to fix CVE-2023-24548.