CVE-2023-24509
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | Arista EOS | 4.23.0 4.23.13M | affected |
| Arista Networks | Arista EOS | 4.28.0 <= 4.28.3M | affected |
| Arista Networks | Arista EOS | 4.27.0 <= 4.27.6M | affected |
| Arista Networks | Arista EOS | 4.286.0 <= 4.26.8M | affected |
| Arista Networks | Arista EOS | 4.25.0 <= 4.25.9M | affected |
| Arista Networks | Arista EOS | 4.24.0 <= 4.24.10M | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
Workarounds
The workaround is to disable “ssh” CLI command in unprivileged mode on the SSH client devices by using command authorization. This can be done with Role-Based Access Control (RBAC).
If the “ssh” CLI command is currently used to connect to a remote host, the destination address can be added to an allowlist with RBAC.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.