CVE-2023-24548 : On affected platforms running Arista EOS with VXLAN configured, malformed or tru

Products affected by CVE-2023-24548

Arista » EOS
Versions from including (>=) 4.23.0 and up to, including, (<=) 4.23.14m
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » 7280cr3-32d4 » Version: N/A
When used together with: Arista » 7280cr3-32p4 » Version: N/A
When used together with: Arista » 7280cr3-36s » Version: N/A
When used together with: Arista » 7280cr3-96 » Version: N/A
When used together with: Arista » 7280cr3a-24d12 » Version: N/A
When used together with: Arista » 7280cr3a-48d6 » Version: N/A
When used together with: Arista » 7280cr3a-72 » Version: N/A
When used together with: Arista » 7280dr3-24 » Version: N/A
When used together with: Arista » 7280dr3a-36 » Version: N/A
When used together with: Arista » 7280dr3a-54 » Version: N/A
When used together with: Arista » 7280dr3ak-36 » Version: N/A
When used together with: Arista » 7280dr3ak-54 » Version: N/A
When used together with: Arista » 7280dr3am-36 » Version: N/A
When used together with: Arista » 7280dr3am-54 » Version: N/A
When used together with: Arista » 7280pr3-24 » Version: N/A
When used together with: Arista » 7280r3 » Version: N/A
When used together with: Arista » 7280sr3-40yc6 » Version: N/A
When used together with: Arista » 7280sr3-48yc8 » Version: N/A
When used together with: Arista » 7280tr3-40c6 » Version: N/A
When used together with: Arista » 7500r3-24d » Version: N/A
When used together with: Arista » 7500r3-24p » Version: N/A
When used together with: Arista » 7500r3-36cq » Version: N/A
When used together with: Arista » 7500r3k-36cq » Version: N/A
When used together with: Arista » 7500r3k-48y4d » Version: N/A
When used together with: Arista » 7504r3 » Version: N/A
When used together with: Arista » 7508r3 » Version: N/A
When used together with: Arista » 7512r3 » Version: N/A
When used together with: Arista » 7800r3-36d » Version: N/A
When used together with: Arista » 7800r3-36p » Version: N/A
When used together with: Arista » 7800r3-48cq » Version: N/A
When used together with: Arista » 7800r3a-36d » Version: N/A
When used together with: Arista » 7800r3a-36dm » Version: N/A
When used together with: Arista » 7800r3a-36p » Version: N/A
When used together with: Arista » 7800r3a-36pm » Version: N/A
When used together with: Arista » 7800r3ak-36dm » Version: N/A
When used together with: Arista » 7800r3ak-36pm » Version: N/A
When used together with: Arista » 7800r3k-36dm » Version: N/A
When used together with: Arista » 7800r3k-48cq » Version: N/A
When used together with: Arista » 7800r3k-48cqms » Version: N/A
When used together with: Arista » 7800r3k-72y7512r3 » Version: N/A
When used together with: Arista » 7808r3 » Version: N/A
When used together with: Arista » 7812r3 » Version: N/A
When used together with: Arista » 7816r3 » Version: N/A
Arista » EOS
Versions from including (>=) 4.24.0 and up to, including, (<=) 4.24.11m
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » 7280cr3-32d4 » Version: N/A
When used together with: Arista » 7280cr3-32p4 » Version: N/A
When used together with: Arista » 7280cr3-36s » Version: N/A
When used together with: Arista » 7280cr3-96 » Version: N/A
When used together with: Arista » 7280cr3a-24d12 » Version: N/A
When used together with: Arista » 7280cr3a-48d6 » Version: N/A
When used together with: Arista » 7280cr3a-72 » Version: N/A
When used together with: Arista » 7280dr3-24 » Version: N/A
When used together with: Arista » 7280dr3a-36 » Version: N/A
When used together with: Arista » 7280dr3a-54 » Version: N/A
When used together with: Arista » 7280dr3ak-36 » Version: N/A
When used together with: Arista » 7280dr3ak-54 » Version: N/A
When used together with: Arista » 7280dr3am-36 » Version: N/A
When used together with: Arista » 7280dr3am-54 » Version: N/A
When used together with: Arista » 7280pr3-24 » Version: N/A
When used together with: Arista » 7280r3 » Version: N/A
When used together with: Arista » 7280sr3-40yc6 » Version: N/A
When used together with: Arista » 7280sr3-48yc8 » Version: N/A
When used together with: Arista » 7280tr3-40c6 » Version: N/A
When used together with: Arista » 7500r3-24d » Version: N/A
When used together with: Arista » 7500r3-24p » Version: N/A
When used together with: Arista » 7500r3-36cq » Version: N/A
When used together with: Arista » 7500r3k-36cq » Version: N/A
When used together with: Arista » 7500r3k-48y4d » Version: N/A
When used together with: Arista » 7504r3 » Version: N/A
When used together with: Arista » 7508r3 » Version: N/A
When used together with: Arista » 7512r3 » Version: N/A
When used together with: Arista » 7800r3-36d » Version: N/A
When used together with: Arista » 7800r3-36p » Version: N/A
When used together with: Arista » 7800r3-48cq » Version: N/A
When used together with: Arista » 7800r3a-36d » Version: N/A
When used together with: Arista » 7800r3a-36dm » Version: N/A
When used together with: Arista » 7800r3a-36p » Version: N/A
When used together with: Arista » 7800r3a-36pm » Version: N/A
When used together with: Arista » 7800r3ak-36dm » Version: N/A
When used together with: Arista » 7800r3ak-36pm » Version: N/A
When used together with: Arista » 7800r3k-36dm » Version: N/A
When used together with: Arista » 7800r3k-48cq » Version: N/A
When used together with: Arista » 7800r3k-48cqms » Version: N/A
When used together with: Arista » 7800r3k-72y7512r3 » Version: N/A
When used together with: Arista » 7808r3 » Version: N/A
When used together with: Arista » 7812r3 » Version: N/A
When used together with: Arista » 7816r3 » Version: N/A
Arista » EOS
Versions from including (>=) 4.22.1f and up to, including, (<=) 4.22.13m
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » 7280cr3-32d4 » Version: N/A
When used together with: Arista » 7280cr3-32p4 » Version: N/A
When used together with: Arista » 7280cr3-36s » Version: N/A
When used together with: Arista » 7280cr3-96 » Version: N/A
When used together with: Arista » 7280cr3a-24d12 » Version: N/A
When used together with: Arista » 7280cr3a-48d6 » Version: N/A
When used together with: Arista » 7280cr3a-72 » Version: N/A
When used together with: Arista » 7280dr3-24 » Version: N/A
When used together with: Arista » 7280dr3a-36 » Version: N/A
When used together with: Arista » 7280dr3a-54 » Version: N/A
When used together with: Arista » 7280dr3ak-36 » Version: N/A
When used together with: Arista » 7280dr3ak-54 » Version: N/A
When used together with: Arista » 7280dr3am-36 » Version: N/A
When used together with: Arista » 7280dr3am-54 » Version: N/A
When used together with: Arista » 7280pr3-24 » Version: N/A
When used together with: Arista » 7280r3 » Version: N/A
When used together with: Arista » 7280sr3-40yc6 » Version: N/A
When used together with: Arista » 7280sr3-48yc8 » Version: N/A
When used together with: Arista » 7280tr3-40c6 » Version: N/A
When used together with: Arista » 7500r3-24d » Version: N/A
When used together with: Arista » 7500r3-24p » Version: N/A
When used together with: Arista » 7500r3-36cq » Version: N/A
When used together with: Arista » 7500r3k-36cq » Version: N/A
When used together with: Arista » 7500r3k-48y4d » Version: N/A
When used together with: Arista » 7504r3 » Version: N/A
When used together with: Arista » 7508r3 » Version: N/A
When used together with: Arista » 7512r3 » Version: N/A
When used together with: Arista » 7800r3-36d » Version: N/A
When used together with: Arista » 7800r3-36p » Version: N/A
When used together with: Arista » 7800r3-48cq » Version: N/A
When used together with: Arista » 7800r3a-36d » Version: N/A
When used together with: Arista » 7800r3a-36dm » Version: N/A
When used together with: Arista » 7800r3a-36p » Version: N/A
When used together with: Arista » 7800r3a-36pm » Version: N/A
When used together with: Arista » 7800r3ak-36dm » Version: N/A
When used together with: Arista » 7800r3ak-36pm » Version: N/A
When used together with: Arista » 7800r3k-36dm » Version: N/A
When used together with: Arista » 7800r3k-48cq » Version: N/A
When used together with: Arista » 7800r3k-48cqms » Version: N/A
When used together with: Arista » 7800r3k-72y7512r3 » Version: N/A
When used together with: Arista » 7808r3 » Version: N/A
When used together with: Arista » 7812r3 » Version: N/A
When used together with: Arista » 7816r3 » Version: N/A
Arista » EOS » Version: 4.25.0f
cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*
Matching versions
When used together with: Arista » 7280cr3-32d4 » Version: N/A
When used together with: Arista » 7280cr3-32p4 » Version: N/A
When used together with: Arista » 7280cr3-36s » Version: N/A
When used together with: Arista » 7280cr3-96 » Version: N/A
When used together with: Arista » 7280cr3a-24d12 » Version: N/A
When used together with: Arista » 7280cr3a-48d6 » Version: N/A
When used together with: Arista » 7280cr3a-72 » Version: N/A
When used together with: Arista » 7280dr3-24 » Version: N/A
When used together with: Arista » 7280dr3a-36 » Version: N/A
When used together with: Arista » 7280dr3a-54 » Version: N/A
When used together with: Arista » 7280dr3ak-36 » Version: N/A
When used together with: Arista » 7280dr3ak-54 » Version: N/A
When used together with: Arista » 7280dr3am-36 » Version: N/A
When used together with: Arista » 7280dr3am-54 » Version: N/A
When used together with: Arista » 7280pr3-24 » Version: N/A
When used together with: Arista » 7280r3 » Version: N/A
When used together with: Arista » 7280sr3-40yc6 » Version: N/A
When used together with: Arista » 7280sr3-48yc8 » Version: N/A
When used together with: Arista » 7280tr3-40c6 » Version: N/A
When used together with: Arista » 7500r3-24d » Version: N/A
When used together with: Arista » 7500r3-24p » Version: N/A
When used together with: Arista » 7500r3-36cq » Version: N/A
When used together with: Arista » 7500r3k-36cq » Version: N/A
When used together with: Arista » 7500r3k-48y4d » Version: N/A
When used together with: Arista » 7504r3 » Version: N/A
When used together with: Arista » 7508r3 » Version: N/A
When used together with: Arista » 7512r3 » Version: N/A
When used together with: Arista » 7800r3-36d » Version: N/A
When used together with: Arista » 7800r3-36p » Version: N/A
When used together with: Arista » 7800r3-48cq » Version: N/A
When used together with: Arista » 7800r3a-36d » Version: N/A
When used together with: Arista » 7800r3a-36dm » Version: N/A
When used together with: Arista » 7800r3a-36p » Version: N/A
When used together with: Arista » 7800r3a-36pm » Version: N/A
When used together with: Arista » 7800r3ak-36dm » Version: N/A
When used together with: Arista » 7800r3ak-36pm » Version: N/A
When used together with: Arista » 7800r3k-36dm » Version: N/A
When used together with: Arista » 7800r3k-48cq » Version: N/A
When used together with: Arista » 7800r3k-48cqms » Version: N/A
When used together with: Arista » 7800r3k-72y7512r3 » Version: N/A
When used together with: Arista » 7808r3 » Version: N/A
When used together with: Arista » 7812r3 » Version: N/A
When used together with: Arista » 7816r3 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-24548

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-24548

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.3	MEDIUM	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	1.6	3.6	Arista Networks, Inc.
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-24548

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@arista.com (Secondary)

References for CVE-2023-24548

https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089

Security Advisory 0089 - Arista
Exploit;Vendor Advisory

Vulnerability Details : CVE-2023-24548

Products affected by CVE-2023-24548

Exploit prediction scoring system (EPSS) score for CVE-2023-24548

CVSS scores for CVE-2023-24548

CWE ids for CVE-2023-24548

References for CVE-2023-24548