IP Traffic Bypass in Arista EOS Affecting Network Routing Features
CVE-2024-6437

Currently unrated

Key Information:

CVE Published: 10 January 2025

What is CVE-2024-6437?

In certain configurations of Arista EOS, a vulnerability exists that allows specific types of IP traffic, particularly those involving IPv4 packets with IP options, to circumvent the intended nexthop actions set by features like policy-based routing, BGP Flowspec, or interface traffic policy. Instead of being redirected as expected, these packets may be forwarded through a slower path by the kernel, leading to potential performance degradation and unintended routing behaviors. This could pose risks to network integrity and performance.
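To audit captured traffic for the packet class described above, the following added example (not part of the vendor advisory or this page's original content) parses a raw IPv4 header and reports whether it carries IP options, meaning IHL greater than 5. The names `classify` and `build_header` and the sample packets are constructed for illustration. The page does not say which option types are affected, so any option is flagged.

```python
import struct

# Names for a few well-known IPv4 option types (RFC 791, RFC 2113).
OPTION_NAMES = {7: "RR", 68: "TS", 131: "LSRR", 137: "SSRR", 148: "RTRALT"}

def classify(packet: bytes):
    """Return (has_options, [option names]) for a raw IPv4 packet.

    has_options is True when IHL > 5, i.e. the header carries an options
    area. Raises ValueError on non-IPv4, truncated or malformed headers.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise ValueError("options area truncated")
    names, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:            # End of Option List: rest is padding
            break
        if kind == 1:            # No-Operation: single byte, skip
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length byte missing")
        length = packet[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        names.append(OPTION_NAMES.get(kind, f"type-{kind}"))
        i += length
    return ihl > 5, names

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample input: IPv4 header (checksum left 0) plus options."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 17, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 1])) + options

if __name__ == "__main__":
    for label, opts in [("plain", b""), ("router-alert", bytes([148, 4, 0, 0])),
                        ("record-route", bytes([7, 7, 4, 0, 0, 0, 0]))]:
        print(label, classify(build_header(opts)))
```

Feeding it the IP layer of packets seen on interfaces with policy-based routing, BGP Flowspec or traffic policy applied shows how much traffic falls into the class that may miss the configured nexthop action.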
