CVE-2023-24512 - Vulnerability Details

CVE-2023-24512 - On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Arista	32qd 48ehs 48lbas 48lbs 48s6qd 7010t-48 7020sr-24c2 7020sr-32c2 7020tr-48 7020tra-48 7050cx3-32s 7050cx3m-32s 7050qx-32s 7050qx2-32s 7050sx-128 7050sx-64 7050sx-72q 7050sx2-128 7050sx2-72q 7050sx3-48c8 7050sx3-48yc 7050sx3-48yc12 7050sx3-48yc8 7050sx3-96yc8 7050tx-48 7050tx-64 7050tx-72q 7050tx2-128 7050tx3-48c8 7060cx-32s 7060cx2-32s 7060dx4-32 7060px4-32 7060sx2-48yc6 7130-16g3s 7130-48g3s 7130-96s 7150s-24 7150s-52 7150s-64 7150sc-24 7150sc-64 7160-32cq 7160-48tc6 7160-48yc6 7170-32c 7170-32cd 7170-64c 7170b-64c 720df-48y 720dp-24s 720dp-48s 720dt-24s 720dt-48s 720xp-24y6 720xp-24zy4 720xp-48y6 720xp-48zc2 720xp-96zc2 7250qx-64 7260cx 7260cx3 7260qx 7260sx2 7280cr2k-60 7280cr3-32d4 7280cr3-32p4 7280cr3-96 7280cr3k-32d4 7280cr3k-32p4 7280cr3k-96 7280dr3-24 7280dr3k-24 7280e 7280pr3-24 7280pr3k-24 7280sr3-48yc8 7280sr3k-48yc8 7300x-32q 7300x-64s 7300x-64t 7300x3-32c 7300x3-48yc4 7320x-32c 7358x4 7368x4 7388x5 7500r3-24d 7500r3-24p 7500r3-36cq 7500r3k-36cq 7804r3 7808r3 7812r3 7816r3 96lbs Ceos-lab Cloudeos Dcs-7010tx-48 Dcs-7500-12cq-lc Dcs-7500e-12cm-lc Dcs-7500e-36q-lc Dcs-7500e-48s-lc Dcs-7500e-6c2-lc Dcs-7500e-72s-lc Dcs-7500r-36cq-lc Dcs-7500r-36q-lc Dcs-7500r-48s2cq-lc Eos Veos-lab

Configuration 1 [-]

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:h:arista:32qd:-:::::::*
	cpe:2.3:h:arista:48ehs:-:::::::*
	cpe:2.3:h:arista:48lbas:-:::::::*
	cpe:2.3:h:arista:48lbs:-:::::::*
	cpe:2.3:h:arista:48s6qd:-:::::::*
	cpe:2.3:h:arista:7010t-48:-:::::::*
	cpe:2.3:h:arista:7020sr-24c2:-:::::::*
	cpe:2.3:h:arista:7020sr-32c2:-:::::::*
	cpe:2.3:h:arista:7020tr-48:-:::::::*
	cpe:2.3:h:arista:7020tra-48:-:::::::*
	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050qx-32s:-:::::::*
	cpe:2.3:h:arista:7050qx2-32s:-:::::::*
	cpe:2.3:h:arista:7050sx-128:-:::::::*
	cpe:2.3:h:arista:7050sx-64:-:::::::*
	cpe:2.3:h:arista:7050sx-72q:-:::::::*
	cpe:2.3:h:arista:7050sx2-128:-:::::::*
	cpe:2.3:h:arista:7050sx2-72q:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx-48:-:::::::*
	cpe:2.3:h:arista:7050tx-64:-:::::::*
	cpe:2.3:h:arista:7050tx-72q:-:::::::*
	cpe:2.3:h:arista:7050tx2-128:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:7060cx-32s:-:::::::*
	cpe:2.3:h:arista:7060cx2-32s:-:::::::*
	cpe:2.3:h:arista:7060dx4-32:-:::::::*
	cpe:2.3:h:arista:7060px4-32:-:::::::*
	cpe:2.3:h:arista:7060sx2-48yc6:-:::::::*
	cpe:2.3:h:arista:7130-16g3s:-:::::::*
	cpe:2.3:h:arista:7130-48g3s:-:::::::*
	cpe:2.3:h:arista:7130-96s:-:::::::*
	cpe:2.3:h:arista:7150s-24:-:::::::*
	cpe:2.3:h:arista:7150s-52:-:::::::*
	cpe:2.3:h:arista:7150s-64:-:::::::*
	cpe:2.3:h:arista:7150sc-24:-:::::::*
	cpe:2.3:h:arista:7150sc-64:-:::::::*
	cpe:2.3:h:arista:7160-32cq:-:::::::*
	cpe:2.3:h:arista:7160-48tc6:-:::::::*
	cpe:2.3:h:arista:7160-48yc6:-:::::::*
	cpe:2.3:h:arista:7170-32c:-:::::::*
	cpe:2.3:h:arista:7170-32cd:-:::::::*
	cpe:2.3:h:arista:7170-64c:-:::::::*
	cpe:2.3:h:arista:7170b-64c:-:::::::*
	cpe:2.3:h:arista:720df-48y:-:::::::*
	cpe:2.3:h:arista:720dp-24s:-:::::::*
	cpe:2.3:h:arista:720dp-48s:-:::::::*
	cpe:2.3:h:arista:720dt-24s:-:::::::*
	cpe:2.3:h:arista:720dt-48s:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:7250qx-64:-:::::::*
	cpe:2.3:h:arista:7260cx:-:::::::*
	cpe:2.3:h:arista:7260cx3:-:::::::*
	cpe:2.3:h:arista:7260qx:-:::::::*
	cpe:2.3:h:arista:7260sx2:-:::::::*
cpe:2.3:h:arista:7280cr2k-60:-:::::::*
cpe:2.3:h:arista:7280cr3-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3-96:-:::::::*
cpe:2.3:h:arista:7280cr3k-32d4:-:::::::*
cpe:2.3:h:arista:7280cr3k-32p4:-:::::::*
cpe:2.3:h:arista:7280cr3k-96:-:::::::*
cpe:2.3:h:arista:7280dr3-24:-:::::::*
cpe:2.3:h:arista:7280dr3k-24:-:::::::*
cpe:2.3:h:arista:7280e:-:::::::*
cpe:2.3:h:arista:7280pr3-24:-:::::::*
cpe:2.3:h:arista:7280pr3k-24:-:::::::*
cpe:2.3:h:arista:7280sr3-48yc8:-:::::::*
cpe:2.3:h:arista:7280sr3k-48yc8:-:::::::*
cpe:2.3:h:arista:7300x-32q:-:::::::*
cpe:2.3:h:arista:7300x-64s:-:::::::*
cpe:2.3:h:arista:7300x-64t:-:::::::*
cpe:2.3:h:arista:7300x3-32c:-:::::::*
cpe:2.3:h:arista:7300x3-48yc4:-:::::::*
cpe:2.3:h:arista:7320x-32c:-:::::::*
cpe:2.3:h:arista:7358x4:-:::::::*
cpe:2.3:h:arista:7368x4:-:::::::*
cpe:2.3:h:arista:7388x5:-:::::::*
cpe:2.3:h:arista:7500r3-24d:-:::::::*
cpe:2.3:h:arista:7500r3-24p:-:::::::*
cpe:2.3:h:arista:7500r3-36cq:-:::::::*
cpe:2.3:h:arista:7500r3k-36cq:-:::::::*
cpe:2.3:h:arista:7804r3:-:::::::*
cpe:2.3:h:arista:7808r3:-:::::::*
cpe:2.3:h:arista:7812r3:-:::::::*
cpe:2.3:h:arista:7816r3:-:::::::*
cpe:2.3:h:arista:96lbs:-:::::::*
cpe:2.3:h:arista:dcs-7010tx-48:-:::::::*
cpe:2.3:h:arista:dcs-7500-12cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-12cm-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-48s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-6c2-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500e-72s-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36cq-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-36q-lc:-:::::::*
cpe:2.3:h:arista:dcs-7500r-48s2cq-lc:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:arista:ceos-lab::::::::
	cpe:2.3:a:arista:cloudeos:-:::::::*
	cpe:2.3:a:arista:veos-lab:-:::::::*

No data.

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/17250-security-advisory-0086

History

Mon, 03 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2023-04-25T00:00:00.000Z

Updated: 2025-02-03T19:15:59.467Z

Reserved: 2023-01-24T00:00:00.000Z

Link: CVE-2023-24512

Vulnrichment

Updated: 2024-08-02T10:56:04.371Z

NVD

Status : Modified

Published: 2023-04-25T21:15:10.190

Modified: 2024-11-21T07:48:01.437

Link: CVE-2023-24512

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object