Vulnerability Description
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | Eos | >= 4.22.1f, <= 4.22.13m |
| Arista | 7280Cr3-32D4 | - |
| Arista | 7280Cr3-32P4 | - |
| Arista | 7280Cr3-36S | - |
| Arista | 7280Cr3-96 | - |
| Arista | 7280Cr3A-24D12 | - |
| Arista | 7280Cr3A-48D6 | - |
| Arista | 7280Cr3A-72 | - |
| Arista | 7280Dr3-24 | - |
| Arista | 7280Dr3A-36 | - |
| Arista | 7280Dr3A-54 | - |
| Arista | 7280Dr3Ak-36 | - |
| Arista | 7280Dr3Ak-54 | - |
| Arista | 7280Dr3Am-36 | - |
| Arista | 7280Dr3Am-54 | - |
| Arista | 7280Pr3-24 | - |
| Arista | 7280R3 | - |
| Arista | 7280Sr3-40Yc6 | - |
| Arista | 7280Sr3-48Yc8 | - |
| Arista | 7280Tr3-40C6 | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisory/18043-secExploitVendor Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisory/18043-secExploitVendor Advisory
FAQ
What is CVE-2023-24548?
CVE-2023-24548 is a vulnerability with a CVSS score of 5.3 (MEDIUM). On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward pac...
How severe is CVE-2023-24548?
CVE-2023-24548 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24548?
Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7280Cr3-32D4, Arista 7280Cr3-32P4, Arista 7280Cr3-36S, Arista 7280Cr3-96.