Arista Security Advisories

Date: April 25, 2023     Revision Date Changes 1.0 April 25, 2023 Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Common Weakness Enumeration: CWE-284 Improper Access Control This vulnerability is being tracked by BUG751697 Description On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to upda ...

Date: April 11, 2023   Revision Date Changes 1.0 April 11, 2023 Initial release This advisory consists of two CVEs which affect the Arista CloudEOS product. CVE-ID: CVE-2023-24545 CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Common Weakness Enumeration: CWE-400- Uncontrolled Resource Consumption This vulnerability is being tracked by BUG 743423 CVE-ID: CVE-2023-24513 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) Com ...

Date: April 11, 2023   Revision Date Changes 1.0 April 11, 2023 Initial release   The CVE-ID tracking this issue: CVE-2023-24511 CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Common Weakness Enumeration: CWE-401 Missing Release of Memory after Effective Lifetime This vulnerability is being tracked by BUG 751040 Description On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the ...

Date: March 7, 2023   Revision Date Changes 1.0 March 7, 2023 Initial release The CVE-ID tracking this issue: CVE-2023-24546 CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L) Note: This issue has been filed on MITRE as having a CVSS score of 10.0. Depending on the release and configuration there is some variance on the Base Score. The range of possible CVSS scores and mapping to the releases is detailed in the “Required Configurati ...

Date: February 14, 2023   Revision Date Changes 1.0 February 14, 2023 Initial release   The CVE-ID tracking this issue: CVE-2023-24509 CVSSv3.1 Base Score: 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-269 Improper Privilege Management This vulnerability is being tracked by BUG 723401 Description On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol ena ...

Date: February 10th, 2023   End of Sale / End of Life for Arista DMF Appliances: DCA-DM-SA, DCA-DM-SBL and DCA-DM-CB   Description: Arista Networks announces the end-of-sale/end-of-life for DMF (DANZ Monitoring Fabric) appliances whose product part numbers are listed below in Table 1. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) till their respective End-of-Life dates as listed in Table 2, the End-of-Life Milestones ...