Vulnerability Description
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
CVSS Score
5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | Eos | >= 4.28.2f, <= 4.28.5.1m |
| Arista | 7280Cr3-32D4 | - |
| Arista | 7280Cr3-32P4 | - |
| Arista | 7280Cr3-36S | - |
| Arista | 7280Cr3-96 | - |
| Arista | 7280Cr3A-24D12 | - |
| Arista | 7280Cr3A-48D6 | - |
| Arista | 7280Cr3A-72 | - |
| Arista | 7280Dr3-24 | - |
| Arista | 7280Dr3A-36 | - |
| Arista | 7280Dr3A-54 | - |
| Arista | 7280Dr3Ak-36 | - |
| Arista | 7280Dr3Ak-54 | - |
| Arista | 7280Dr3Am-36 | - |
| Arista | 7280Dr3Am-54 | - |
| Arista | 7280Pr3-24 | - |
| Arista | 7280R3 | - |
| Arista | 7280Sr3-40Yc6 | - |
| Arista | 7280Sr3-48Yc8 | - |
| Arista | 7280Tr3-40C6 | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisory/18042-secExploitMitigationVendor Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisory/18042-secExploitMitigationVendor Advisory
FAQ
What is CVE-2023-3646?
CVE-2023-3646 is a vulnerability with a CVSS score of 5.9 (MEDIUM). On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
How severe is CVE-2023-3646?
CVE-2023-3646 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3646?
Check the references section above for vendor advisories and patch information. Affected products include: Arista Eos, Arista 7280Cr3-32D4, Arista 7280Cr3-32P4, Arista 7280Cr3-36S, Arista 7280Cr3-96.