CVE-2023-3646
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | EOS | 4.28.2F <= 4.28.5.1M | affected |
| Arista Networks | EOS | 4.29.0 <= 4.29.1F | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
The suggestion to prevent this issue is to remove any mirroring config
#show monitor session
No sessions created
This example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.