CVE-2023-24511

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:a:arista:ceos-lab:-:::::::*
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*
	cpe:2.3:h:arista:7010t:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48:-:::::::*
	cpe:2.3:h:arista:7010tx-48-dc:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720dt-48y:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:722xpm-48y4:-:::::::*
	cpe:2.3:h:arista:722xpm-48zy8:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260cx3-64:-:::::::*
cpe:2.3:h:arista:7260qx:-:::::::*
cpe:2.3:h:arista:7260qx-64:-:::::::*
cpe:2.3:h:arista:7280cr2ak-30:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280r:-:::::::*
cpe:2.3:h:arista:7280r2:-:::::::*
cpe:2.3:h:arista:7280r3:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7304:-:::::::*
cpe:2.3:h:arista:7308:-:::::::*
cpe:2.3:h:arista:7316:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500e:-:::::::*
cpe:2.3:h:arista:7500r:-:::::::*
cpe:2.3:h:arista:7500r2:-:::::::*
cpe:2.3:h:arista:7500r3:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7800r3-36p:-:::::::*
cpe:2.3:h:arista:7800r3-48cq:-:::::::*
cpe:2.3:h:arista:7800r3k-48cq:-:::::::*
cpe:2.3:h:arista:ccs-750x-48thp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48tp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zp:-:::::::*
cpe:2.3:h:arista:ccs-750x-48zxp:-:::::::*

History

21 Apr 2023, 14:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-12 21:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-24511

Mitre link : CVE-2023-24511

CVE.ORG link : CVE-2023-24511

JSON object : View

Products Affected

arista

7050sx-72q
7280r3
7280dr3-24
722xpm-48zy8
7320x-32c
7170-32c
720dt-48y
7280r2
7010tx-48
ccs-750x-48zp
7020tra-48
7150s-24
720xp-24y6
7170-64c
720dt-24s
7280pr3-24
7368x4
7010t-48
7050sx2-72q
720dp-24s
7280dr3k-24
7170-32cd
7500r3
cloudeos
7260cx3
7260cx
7060cx-32s
7020sr-32c2
7280e
eos
720dt-48s
7150s-64
7160-48yc6
7050sx-64
7300x-64t
7500r3-24d
7500r3k-36cq
7050cx3-32s
7060sx2-48yc6
7160-48tc6
7280cr3-96
720xp-48y6
7300x3-48yc4
7280cr3-32p4
720xp-48zc2
7280cr2ak-30
ceos-lab
7260qx
7060dx4-32
7800r3-48cq
7050tx-48
7280cr3k-32p4
7150s-52
7500e
7300x-64s
720df-48y
7150sc-24
7388x5
7050tx-64
7280cr2k-60
7280pr3k-24
7260cx3-64
7050sx-128
7060cx2-32s
7160-32cq
7050tx2-128
7280cr3k-96
7300x3-32c
720xp-24zy4
7050sx3-48yc12
7500r
720dp-48s
7280sr3-48yc8
7316
7170b-64c
7280sr3k-48yc8
7800r3k-48cq
ccs-750x-48thp
7280cr3k-32d4
7800r3-36p
7020sr-24c2
7050tx3-48c8
7010tx-48-dc
7060px4-32
7020tr-48
7150sc-64
7500r3-36cq
ccs-750x-48zxp
7260qx-64
7250qx-64
7050sx3-48yc
7050qx2-32s
720xp-96zc2
7050sx3-48yc8
7050sx3-96yc8
7050tx-72q
7500r2
7304
7050sx2-128
7300x-32q
7308
veos-lab
7010t
7050sx3-48c8
ccs-750x-48tp
7280cr3-32d4
7050cx3m-32s
7500r3-24p
7280r
722xpm-48y4
7050qx-32s

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

7.5 /10