CVE-2023-6068

Summary

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some

Affected Software

VendorProductVersion RangeStatus
Arista NetworksMOS1.7.1affected
Arista NetworksMOS1.6affected

Weaknesses

  • CWE-283: CWE-283

Workarounds

The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied.

Run the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added:

switch(config-app-multiaccess)#shut switch(config-app-multiaccess)#multiaccess-group 0 client 0 access-list new_acl_if_need switch(config-app-multiaccess)#no shut

The previous applied access control lists will automatically apply after FPGA reload.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References