CVE-2023-24509

Summary

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksArista EOS4.23.0 4.23.13Maffected
Arista NetworksArista EOS4.28.0 <= 4.28.3Maffected
Arista NetworksArista EOS4.27.0 <= 4.27.6Maffected
Arista NetworksArista EOS4.286.0 <= 4.26.8Maffected
Arista NetworksArista EOS4.25.0 <= 4.25.9Maffected
Arista NetworksArista EOS4.24.0 <= 4.24.10Maffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

Workarounds

The workaround is to disable “ssh” CLI command in unprivileged mode on the SSH client devices by using command authorization. This can be done with Role-Based Access Control (RBAC).

If the “ssh” CLI command is currently used to connect to a remote host, the destination address can be added to an allowlist with RBAC.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References