On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.
CVE-2023-24511

5.3MEDIUM

Key Information:

Vendor

Arista Networks

Status
Eos
Vendor
CVE Published:
12 April 2023

What is CVE-2023-24511?

A vulnerability exists in Arista EOS when SNMP is configured, whereby a specially crafted packet can trigger a memory leak in the snmpd process. This leads to the termination of the snmpd processing, resulting in SNMP requests timing out until an automatic restart occurs. Additionally, this vulnerability can cause memory resource exhaustion for other processes on the switch, potentially impacting overall performance. However, it does not compromise the confidentiality or integrity of the system.

Affected Version(s)

EOS 4.28.0 4.28.5.1M

EOS 4.27.0 4.27.8.1M

EOS 4.26.0 4.26.9M

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-24511 : On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.