CVE-2023-6068
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | MOS | 1.7.1 | affected |
| Arista Networks | MOS | 1.6 | affected |
Weaknesses
- CWE-283: CWE-283
Workarounds
The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied.
Run the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added:
switch(config-app-multiaccess)#shut switch(config-app-multiaccess)#multiaccess-group 0 client 0 access-list new_acl_if_need switch(config-app-multiaccess)#no shut
The previous applied access control lists will automatically apply after FPGA reload.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.