// For flags

CVE-2023-24513

On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-01-24 CVE Reserved
  • 2023-04-12 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-11-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
  • CWE-126: Buffer Over-read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.26.0 < 4.26.9m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.26.0 < 4.26.9m"
-
Affected
in Amazon
Search vendor "Amazon"
Aws Marketplace
Search vendor "Amazon" for product "Aws Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.26.0 < 4.26.9m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.26.0 < 4.26.9m"
-
Affected
in Equinix
Search vendor "Equinix"
Network Edge
Search vendor "Equinix" for product "Network Edge"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.26.0 < 4.26.9m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.26.0 < 4.26.9m"
-
Affected
in Google
Search vendor "Google"
Google Cloud Platform Marketplace
Search vendor "Google" for product "Google Cloud Platform Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.26.0 < 4.26.9m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.26.0 < 4.26.9m"
-
Affected
in Microsoft
Search vendor "Microsoft"
Azure Marketplace
Search vendor "Microsoft" for product "Azure Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.26.0 < 4.26.9m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.26.0 < 4.26.9m"
-
Affected
in Arista
Search vendor "Arista"
Dca-200-veos
Search vendor "Arista" for product "Dca-200-veos"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.27.0 < 4.27.8m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.27.0 < 4.27.8m"
-
Affected
in Amazon
Search vendor "Amazon"
Aws Marketplace
Search vendor "Amazon" for product "Aws Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.27.0 < 4.27.8m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.27.0 < 4.27.8m"
-
Affected
in Equinix
Search vendor "Equinix"
Network Edge
Search vendor "Equinix" for product "Network Edge"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.27.0 < 4.27.8m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.27.0 < 4.27.8m"
-
Affected
in Google
Search vendor "Google"
Google Cloud Platform Marketplace
Search vendor "Google" for product "Google Cloud Platform Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.27.0 < 4.27.8m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.27.0 < 4.27.8m"
-
Affected
in Microsoft
Search vendor "Microsoft"
Azure Marketplace
Search vendor "Microsoft" for product "Azure Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.27.0 < 4.27.8m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.27.0 < 4.27.8m"
-
Affected
in Arista
Search vendor "Arista"
Dca-200-veos
Search vendor "Arista" for product "Dca-200-veos"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.28.0 < 4.28.5m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.28.0 < 4.28.5m"
-
Affected
in Amazon
Search vendor "Amazon"
Aws Marketplace
Search vendor "Amazon" for product "Aws Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.28.0 < 4.28.5m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.28.0 < 4.28.5m"
-
Affected
in Equinix
Search vendor "Equinix"
Network Edge
Search vendor "Equinix" for product "Network Edge"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.28.0 < 4.28.5m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.28.0 < 4.28.5m"
-
Affected
in Google
Search vendor "Google"
Google Cloud Platform Marketplace
Search vendor "Google" for product "Google Cloud Platform Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.28.0 < 4.28.5m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.28.0 < 4.28.5m"
-
Affected
in Microsoft
Search vendor "Microsoft"
Azure Marketplace
Search vendor "Microsoft" for product "Azure Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.28.0 < 4.28.5m
Search vendor "Arista" for product "Cloudeos" and version " >= 4.28.0 < 4.28.5m"
-
Affected
in Arista
Search vendor "Arista"
Dca-200-veos
Search vendor "Arista" for product "Dca-200-veos"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.29.0 < 4.29.2f
Search vendor "Arista" for product "Cloudeos" and version " >= 4.29.0 < 4.29.2f"
-
Affected
in Amazon
Search vendor "Amazon"
Aws Marketplace
Search vendor "Amazon" for product "Aws Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.29.0 < 4.29.2f
Search vendor "Arista" for product "Cloudeos" and version " >= 4.29.0 < 4.29.2f"
-
Affected
in Equinix
Search vendor "Equinix"
Network Edge
Search vendor "Equinix" for product "Network Edge"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.29.0 < 4.29.2f
Search vendor "Arista" for product "Cloudeos" and version " >= 4.29.0 < 4.29.2f"
-
Affected
in Google
Search vendor "Google"
Google Cloud Platform Marketplace
Search vendor "Google" for product "Google Cloud Platform Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.29.0 < 4.29.2f
Search vendor "Arista" for product "Cloudeos" and version " >= 4.29.0 < 4.29.2f"
-
Affected
in Microsoft
Search vendor "Microsoft"
Azure Marketplace
Search vendor "Microsoft" for product "Azure Marketplace"
--
Safe
Arista
Search vendor "Arista"
Cloudeos
Search vendor "Arista" for product "Cloudeos"
>= 4.29.0 < 4.29.2f
Search vendor "Arista" for product "Cloudeos" and version " >= 4.29.0 < 4.29.2f"
-
Affected
in Arista
Search vendor "Arista"
Dca-200-veos
Search vendor "Arista" for product "Dca-200-veos"
--
Safe