CVE-2024-5872

Summary

On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksEOS4.32.0F <= 4.32.2Faffected
Arista NetworksEOS4.31.0M <= 4.31.4Maffected
Arista NetworksEOS4.30.0M <= 4.30.7Maffected
Arista NetworksEOS4.29.0M <= 4.29.8Maffected
Arista NetworksEOS4.28.1F <= 4.28.11Faffected

Weaknesses

  • cwe-346

Workarounds

There is no workaround.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References