CVE-2023-24510
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | Arista EOS | 4.25.0F <= 4.25.10M | affected |
| Arista Networks | Arista EOS | 4.26.0F <= 4.26.9M | affected |
| Arista Networks | Arista EOS | 4.27.0F <= 4.27.9M | affected |
| Arista Networks | Arista EOS | 4.28.0F <= 4.28.6.1M | affected |
| Arista Networks | Arista EOS | 4.29.0F <= 4.29.1F | affected |
Weaknesses
- CWE-755: CWE-755 Improper Handling of Exceptional Conditions
Workarounds
The hotfix https://www.arista.com/support/advisories-notices/sa-download?sa=87-SecurityAdvisory87_Hotfix.swix can be used to remediate CVE-2023-24510. The hotfix only applies to the releases listed below and no other releases:
- 4.29.1F and below releases in the 4.29.x train
- 4.28.6.1M and below releases in the 4.28.x train
- 4.27.9M and below releases in the 4.27.x train
- 4.26.9M and below releases in the 4.26.x train
- 4.25.10M and below releases in the 4.25.x train
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.