CVE-2023-24511

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084	Exploit Patch Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:a:arista:ceos-lab:-:::::::*
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*
	cpe:2.3:h:arista:7010t:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48-dc:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720dt-48y:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:722xpm-48y4:-:::::::*
	cpe:2.3:h:arista:722xpm-48zy8:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260cx3-64:-:::::::*
cpe:2.3:h:arista:7260qx:-:::::::*
cpe:2.3:h:arista:7260qx-64:-:::::::*
cpe:2.3:h:arista:7280cr2ak-30:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280r:-:::::::*
cpe:2.3:h:arista:7280r2:-:::::::*
cpe:2.3:h:arista:7280r3:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7304:-:::::::*
cpe:2.3:h:arista:7308:-:::::::*
cpe:2.3:h:arista:7316:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500e:-:::::::*
cpe:2.3:h:arista:7500r:-:::::::*
cpe:2.3:h:arista:7500r2:-:::::::*
cpe:2.3:h:arista:7500r3:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7800r3-36p:-:::::::*
cpe:2.3:h:arista:7800r3-48cq:-:::::::*
cpe:2.3:h:arista:7800r3k-48cq:-:::::::*
cpe:2.3:h:arista:ccs-750x-48thp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48tp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zxp:-:::::::*

History

21 Nov 2024, 07:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.3
References	~~() https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 - Exploit, Patch, Vendor Advisory~~	() https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084 - Exploit, Patch, Vendor Advisory

21 Apr 2023, 14:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-12 21:15

Updated : 2024-11-21 07:48

NVD link : CVE-2023-24511

Mitre link : CVE-2023-24511

CVE.ORG link : CVE-2023-24511

JSON object : View

Products Affected

arista

720dp-24s
7800r3k-48cq
720dp-48s
cloudeos
722xpm-48y4
7150sc-24
720dt-48s
7300x-64s
7500r3-24d
7260qx
7280cr3k-32p4
720xp-96zc2
7300x3-48yc4
7150s-52
7280cr3-96
7050tx-64
7050tx2-128
7280sr3k-48yc8
720xp-48y6
7800r3-48cq
ccs-750x-48zxp
7304
7280dr3-24
ccs-750x-48thp
7500r2
7010t-48
7160-32cq
7800r3-36p
7320x-32c
7060dx4-32
ceos-lab
7050sx3-48c8
veos-lab
7280pr3-24
7260cx
720dt-48y
7050sx2-128
7050tx-48
7050tx3-48c8
7170-32cd
7300x-32q
7010t
7308
7050qx2-32s
7170b-64c
7170-32c
7010tx-48
7500e
7050sx3-48yc8
7020tra-48
7050sx-128
eos
720xp-48zc2
7280cr3-32p4
7170-64c
7280r2
7250qx-64
7150s-64
7300x3-32c
7150sc-64
7020sr-32c2
7500r3k-36cq
7160-48tc6
720df-48y
7280cr2ak-30
7020sr-24c2
7280sr3-48yc8
7500r3-24p
7260cx3-64
7050sx2-72q
7160-48yc6
7280r3
720xp-24y6
720xp-24zy4
7050sx3-48yc12
7500r3-36cq
7020tr-48
7050sx-72q
7060cx-32s
ccs-750x-48zp
7050cx3-32s
7280dr3k-24
7150s-24
7280cr3-32d4
ccs-750x-48tp
7280cr3k-96
7010tx-48-dc
7388x5
7280r
7060cx2-32s
7316
7280cr2k-60
7050qx-32s
7050sx3-48yc
7300x-64t
7050tx-72q
7050sx-64
7500r3
7060px4-32
7280pr3k-24
7368x4
7500r
7060sx2-48yc6
7260cx3
7050cx3m-32s
7280cr3k-32d4
7280e
7050sx3-96yc8
722xpm-48zy8
720dt-24s
7260qx-64

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.3 /10