CVE-2024-27892
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | EOS | 4.31.0 <= 4.31.2F | affected |
| Arista Networks | EOS | 4.30.0 <= 4.30.5M | affected |
| Arista Networks | EOS | 4.29.0 <= 4.29.7M | affected |
| Arista Networks | EOS | 4.28.0 <= 4.28.10M | affected |
| Arista Networks | EOS | 4.27.0 <= 4.27.8M | affected |
| Arista Networks | EOS | 4.26.0 <= 4.26.9M | affected |
| Arista Networks | EOS | 4.25.0 <= 4.25.10M | affected |
| Arista Networks | EOS | 4.24.0 <= 4.24.11M | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
The workaround is to disable gNMI Set requests. This can be done by applying per RPC authorization and ensuring no user is authorized to run the OpenConfig.Set command.
switch(config-gnmi-transport-default)#show management api gnmi transport grpc default authorization requests
Alternatively, TLS can be disabled:
switch(config-gnmi-transport-default)#no ssl profile
Alternatively, the OpenConfig agent can be disabled entirely:
switch(config-gnmi-transport-default)#no management api gnmi
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.