CVE-2024-9135
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | EOS | 4.33.0 | affected |
| Arista Networks | EOS | 4.31.0 <= 4.31.5 | affected |
| Arista Networks | EOS | 4.30.0 <= 4.30.8.1 | affected |
| Arista Networks | EOS | 4.29.0 <= 4.29.9.1 | affected |
| Arista Networks | EOS | 4.28.0 | affected |
| Arista Networks | EOS | 4.27.0 <= 4.27.1 | affected |
Weaknesses
- CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime
Workarounds
The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.
- Enter "bash" shell under EOS prompt
- sudo sh -c 'echo "BgpLsConsumerDps=0" > /mnt/flash/toggle_override; echo "BgpLsProducerDps=0" >> /mnt/flash/toggle_override'
- Reload the switch or router
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.