Vulnerability Details : CVE-2023-24509

Potential exploit
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
Published 2023-04-13 20:15:09
Updated 2023-04-25 14:19:45
Source Arista Networks, Inc.
View at NVD,   CVE.org
Vulnerability category: Gain privilege

Products affected by CVE-2023-24509

  • Arista » EOS
    Versions from including (>=) 4.28.0 and before (<) 4.28.4m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A
  • Arista » EOS
    Versions from including (>=) 4.27.0 and before (<) 4.27.7m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A
  • Arista » EOS
    Versions from including (>=) 4.23 and up to, including, (<=) 4.23.13m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A
  • Arista » EOS
    Versions from including (>=) 4.25.0 and before (<) 4.25.10m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A
  • Arista » EOS
    Versions from including (>=) 4.26.0 and before (<) 4.26.9m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A
  • Arista » EOS
    Versions from including (>=) 4.24.0 and before (<) 4.24.11m
    cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
    Matching versions
    When used together with: Arista » 704x3 » Version: N/A
    When used together with: Arista » 7304x » Version: N/A
    When used together with: Arista » 7304x3 » Version: N/A
    When used together with: Arista » 7308x » Version: N/A
    When used together with: Arista » 7316x » Version: N/A
    When used together with: Arista » 7324x » Version: N/A
    When used together with: Arista » 7328x » Version: N/A
    When used together with: Arista » 7504r » Version: N/A
    When used together with: Arista » 7504r3 » Version: N/A
    When used together with: Arista » 7508r » Version: N/A
    When used together with: Arista » 7508r3 » Version: N/A
    When used together with: Arista » 7512r » Version: N/A
    When used together with: Arista » 7512r3 » Version: N/A
    When used together with: Arista » 7516r » Version: N/A
    When used together with: Arista » 755x » Version: N/A
    When used together with: Arista » 758x » Version: N/A
    When used together with: Arista » 7804r3 » Version: N/A
    When used together with: Arista » 7808r3 » Version: N/A
    When used together with: Arista » 7812r3 » Version: N/A
    When used together with: Arista » 7816r3 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-24509

EPSS FAQ
0.05%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-24509

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.8
 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.8
5.9
 NIST
9.3
 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2.5
6.0
 Arista Networks, Inc.

CWE ids for CVE-2023-24509

  • The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
    Assigned by: psirt@arista.com (Secondary)

References for CVE-2023-24509

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close