CVE-2023-24511

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084	Exploit Patch Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:a:arista:ceos-lab:-:::::::*
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*
	cpe:2.3:h:arista:7010t:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48-dc:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720dt-48y:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:722xpm-48y4:-:::::::*
	cpe:2.3:h:arista:722xpm-48zy8:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260cx3-64:-:::::::*
cpe:2.3:h:arista:7260qx:-:::::::*
cpe:2.3:h:arista:7260qx-64:-:::::::*
cpe:2.3:h:arista:7280cr2ak-30:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280r:-:::::::*
cpe:2.3:h:arista:7280r2:-:::::::*
cpe:2.3:h:arista:7280r3:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7304:-:::::::*
cpe:2.3:h:arista:7308:-:::::::*
cpe:2.3:h:arista:7316:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500e:-:::::::*
cpe:2.3:h:arista:7500r:-:::::::*
cpe:2.3:h:arista:7500r2:-:::::::*
cpe:2.3:h:arista:7500r3:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7800r3-36p:-:::::::*
cpe:2.3:h:arista:7800r3-48cq:-:::::::*
cpe:2.3:h:arista:7800r3k-48cq:-:::::::*
cpe:2.3:h:arista:ccs-750x-48thp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48tp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zxp:-:::::::*

History

21 Nov 2024, 07:48

Type	Values Removed	Values Added
References	~~() https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 - Exploit, Patch, Vendor Advisory~~	() https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 - Exploit, Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.3

Information

Published : 2023-04-12 21:15

Updated : 2024-11-21 07:48

NVD link : CVE-2023-24511

Mitre link : CVE-2023-24511

CVE.ORG link : CVE-2023-24511

JSON object : View

Products Affected

arista

ccs-750x-48thp
7280pr3-24
720xp-48y6
7050sx3-48c8
7170b-64c
7280e
ceos-lab
ccs-750x-48zxp
7280r
7050sx3-96yc8
7150s-24
7050sx3-48yc12
720xp-48zc2
7020sr-24c2
7170-64c
7260qx-64
720dt-48s
720df-48y
7280sr3k-48yc8
7050sx2-72q
cloudeos
7300x3-32c
7170-32cd
7020sr-32c2
7010t-48
7160-48tc6
7500r3-36cq
720dp-24s
7050sx3-48yc8
7050sx-72q
ccs-750x-48zp
7050tx2-128
7020tr-48
7280r3
720xp-96zc2
7500r
7150sc-24
7010t
7500r3
7300x-64s
7280cr3k-32d4
7060px4-32
7280cr3-32d4
7308
7250qx-64
7280cr3-96
7388x5
7010tx-48-dc
7060cx-32s
7170-32c
7060sx2-48yc6
7500r3k-36cq
7300x3-48yc4
7060dx4-32
7010tx-48
7050tx-64
7280dr3k-24
722xpm-48zy8
7500e
7300x-32q
7280dr3-24
ccs-750x-48tp
722xpm-48y4
7280cr2k-60
7050sx2-128
7050cx3-32s
7150s-64
7280sr3-48yc8
7050sx-128
7280cr2ak-30
7020tra-48
7304
7050tx-72q
720dt-48y
7060cx2-32s
720xp-24y6
7150s-52
7160-32cq
7800r3k-48cq
7050cx3m-32s
7316
7050sx-64
7300x-64t
7260cx3-64
eos
7050qx-32s
7150sc-64
veos-lab
7800r3-36p
7280r2
7500r2
7280cr3k-32p4
7050qx2-32s
7500r3-24p
7260cx3
7260qx
7050tx3-48c8
7050sx3-48yc
7050tx-48
720xp-24zy4
7500r3-24d
7280pr3k-24
7260cx
7800r3-48cq
7280cr3k-96
7368x4
7280cr3-32p4
720dt-24s
7160-48yc6
720dp-48s
7320x-32c

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.3 /10