CVE-2023-24548 Vulnerability Details

CVE-2023-24548 Metadata Quick Info

CVE Published: 29/08/2023 | CVE Updated: 30/09/2024 | CVE Year: 2023
Source: Arista | Vendor: Arista Networks | Product: EOS
Status: PUBLISHED

CVE-2023-24548 Description

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability Metrics:
    Attack Vector (AV): ADJACENT_NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): NONE
    Integrity Impact (I): NONE
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-120
CWE Name: CWE-120 Buffer Copy without Checking Size of Input (Classic Buffer Overflow)
Source: Arista Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-583
CAPEC Description: CAPEC-583 Disabling Network Hardware


Source: NVD (National Vulnerability Database).