CVE-2023-24545 HIGH

CVE-2023-24545: On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.

Vendor Arista Networks

Product EOS

Weakness CWE-400

Published April 12, 2023

Last update February 7, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Key dates

02Disclosure timeline

April 12, 2023 CVE published

February 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-24545 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2023-24545

CWE CWE-400

CVSS 7.5 / HIGH

Affected versions

Vendor Arista Networks

Product EOS

Affected ≥ 4.29.0 and ≤ 4.29.1F

Vendor Arista Networks

Product EOS

Affected ≥ 4.28.0 and ≤ 4.28.4M

Vendor Arista Networks

Product EOS

Affected ≥ 4.27.0 and ≤ 4.27.7M

Vendor Arista Networks

Product EOS

Affected ≥ 4.26.8M and ≤ 4.26.8M

CVE-2023-24545: On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.

01Description

02Disclosure timeline

03References

04Related CVE