CVE-2023-24512

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086	Exploit Mitigation Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:h:arista:32qd:-:::::::*
	cpe:2.3:h:arista:48ehs:-:::::::*
	cpe:2.3:h:arista:48lbas:-:::::::*
	cpe:2.3:h:arista:48lbs:-:::::::*
	cpe:2.3:h:arista:48s6qd:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7130-16g3s:-:::::::*
	cpe:2.3:h:arista:7130-48g3s:-:::::::*
	cpe:2.3:h:arista:7130-96s:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260qx:-:::::::*
	cpe:2.3:h:arista:7260sx2:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7358x4:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7804r3:-:::::::*
cpe:2.3:h:arista:7808r3:-:::::::*
cpe:2.3:h:arista:7812r3:-:::::::*
cpe:2.3:h:arista:7816r3:-:::::::*
cpe:2.3:h:arista:96lbs:-:::::::*
cpe:2.3:h:arista:dcs-7010tx-48:-:::::::*
cpe:2.3:h:arista:dcs-7500-12cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-48s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-72s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:arista:ceos-lab::::::::
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*

History

21 Nov 2024, 07:48

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 8.8
References	~~() https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 - Exploit, Mitigation, Vendor Advisory~~	() https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086 - Exploit, Mitigation, Vendor Advisory

Information

Published : 2023-04-25 21:15

Updated : 2024-11-21 07:48

NVD link : CVE-2023-24512

Mitre link : CVE-2023-24512

CVE.ORG link : CVE-2023-24512

JSON object : View

Products Affected

arista

7050sx-64
7280cr3k-32p4
720xp-48zc2
7300x-64t
720xp-24zy4
7260qx
7260sx2
7020tr-48
7050sx2-72q
dcs-7500e-72s-lc
dcs-7500r-36cq-lc
7020sr-32c2
7050cx3m-32s
720xp-24y6
7280dr3k-24
7816r3
7300x-64s
7280cr2k-60
7150s-64
7020tra-48
7160-32cq
7280cr3-32p4
7150s-24
7010t-48
7150s-52
7050qx-32s
7320x-32c
dcs-7500e-12cm-lc
96lbs
7060dx4-32
7050tx3-48c8
7050sx-128
7150sc-64
eos
7060sx2-48yc6
dcs-7500r-36q-lc
48s6qd
7050sx3-48yc
7300x3-48yc4
7050tx-48
dcs-7500r-48s2cq-lc
720dp-24s
7280pr3-24
7358x4
7130-96s
7804r3
7170-32cd
48lbas
7280pr3k-24
7160-48tc6
7280sr3k-48yc8
7150sc-24
ceos-lab
7260cx3
720dp-48s
7050tx2-128
7300x3-32c
7280cr3-96
720dt-48s
dcs-7500-12cq-lc
7300x-32q
7050sx-72q
7170-64c
7260cx
7130-16g3s
dcs-7500e-6c2-lc
720xp-96zc2
dcs-7500e-48s-lc
7130-48g3s
7050tx-72q
7388x5
720xp-48y6
32qd
7812r3
7280e
7500r3-36cq
7500r3k-36cq
7050sx3-48yc12
7170-32c
dcs-7500e-36q-lc
7500r3-24p
720df-48y
7280cr3-32d4
veos-lab
7050sx2-128
7050tx-64
7050sx3-48yc8
7050cx3-32s
7280sr3-48yc8
7500r3-24d
7280cr3k-32d4
48ehs
7170b-64c
7368x4
7060cx2-32s
7050qx2-32s
7060cx-32s
7280cr3k-96
7060px4-32
7280dr3-24
7020sr-24c2
7808r3
7250qx-64
720dt-24s
48lbs
cloudeos
7050sx3-96yc8
7050sx3-48c8
7160-48yc6
dcs-7010tx-48

CWE

CWE-284

Improper Access Control

CWE-863

Incorrect Authorization

8.8 /10