CVE-2023-24548

Summary

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksEOS4.25.0F <= =4.25.0Faffected
Arista NetworksEOS4.24.0 <= <=4.24.11Maffected
Arista NetworksEOS4.23.0 <= <=4.23.14Maffected
Arista NetworksEOS4.22.1F <= <=4.22.13Maffected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Workarounds

There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References