CVE-2023-24512

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:h:arista:32qd:-:::::::*
	cpe:2.3:h:arista:48ehs:-:::::::*
	cpe:2.3:h:arista:48lbas:-:::::::*
	cpe:2.3:h:arista:48lbs:-:::::::*
	cpe:2.3:h:arista:48s6qd:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7130-16g3s:-:::::::*
	cpe:2.3:h:arista:7130-48g3s:-:::::::*
	cpe:2.3:h:arista:7130-96s:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260qx:-:::::::*
	cpe:2.3:h:arista:7260sx2:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7358x4:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7804r3:-:::::::*
cpe:2.3:h:arista:7808r3:-:::::::*
cpe:2.3:h:arista:7812r3:-:::::::*
cpe:2.3:h:arista:7816r3:-:::::::*
cpe:2.3:h:arista:96lbs:-:::::::*
cpe:2.3:h:arista:dcs-7010tx-48:-:::::::*
cpe:2.3:h:arista:dcs-7500-12cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-48s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-72s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:arista:ceos-lab::::::::
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*

History

No history.

Information

Published : 2023-04-25 21:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-24512

Mitre link : CVE-2023-24512

CVE.ORG link : CVE-2023-24512

JSON object : View

Products Affected

arista

96lbs
7050tx3-48c8
48lbs
7050tx2-128
7060cx2-32s
7160-48yc6
7260qx
7500r3k-36cq
7368x4
7170-32c
7020sr-32c2
7150sc-64
7050tx-72q
720xp-96zc2
7050cx3-32s
720dp-24s
7060sx2-48yc6
eos
7388x5
7280pr3-24
7300x-64t
7320x-32c
dcs-7500-12cq-lc
7020sr-24c2
7050sx3-48yc12
7280dr3-24
720xp-24zy4
dcs-7500e-72s-lc
7130-16g3s
7050cx3m-32s
7804r3
7060cx-32s
7808r3
dcs-7500r-48s2cq-lc
7280e
720dp-48s
7500r3-24d
7300x3-48yc4
7050sx2-128
7170-64c
veos-lab
7050tx-64
dcs-7500e-6c2-lc
dcs-7500r-36q-lc
720xp-24y6
7280cr3-96
7280pr3k-24
7010t-48
7050sx-128
720xp-48zc2
7060dx4-32
cloudeos
7050sx3-48yc
7300x-32q
7300x-64s
7358x4
7020tr-48
7812r3
720dt-24s
7050sx2-72q
7150sc-24
7050qx2-32s
7050tx-48
7260sx2
720df-48y
48ehs
7060px4-32
720xp-48y6
7160-48tc6
7280sr3k-48yc8
7170b-64c
32qd
7050sx3-48c8
dcs-7500r-36cq-lc
7150s-52
7500r3-36cq
dcs-7500e-12cm-lc
7280cr3-32d4
7260cx
48s6qd
7280cr3-32p4
7280sr3-48yc8
7500r3-24p
dcs-7500e-48s-lc
7020tra-48
7150s-64
dcs-7010tx-48
7050sx3-48yc8
7280dr3k-24
7130-48g3s
7050sx-72q
7170-32cd
7150s-24
7050sx-64
dcs-7500e-36q-lc
7050qx-32s
ceos-lab
7260cx3
7300x3-32c
7130-96s
7250qx-64
7050sx3-96yc8
7160-32cq
7816r3
720dt-48s
7280cr3k-96
7280cr3k-32d4
48lbas
7280cr2k-60
7280cr3k-32p4

CWE

CWE-863

Incorrect Authorization

CWE-284

Improper Access Control

6.5 /10