Skip to main content

Eos CVE-2023-24510

HIGH
Improper Handling of Exceptional Conditions (CWE-755)
2023-06-05 psirt@arista.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 05, 2023 - 22:15 nvd
HIGH 7.5

DescriptionNVD

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

AnalysisAI

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-755. On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. Affected products include: Arista Eos.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Eos

View all
CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2026-7473 MEDIUM POC
6.9 Jun 05

Tunnel decapsulation logic in Arista EOS fails to verify the encapsulation protocol type, allowing any tunneled packet d

CVE-2015-5165 CRITICAL
9.3 Aug 12

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows

CVE-2023-24509 HIGH POC
7.8 Apr 13

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundan

CVE-2015-3209 HIGH
7.5 Jun 15

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending

CVE-2015-8236 CRITICAL
10.0 Nov 19

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.

CVE-2023-3646 HIGH POC
7.5 Aug 29

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error ma

CVE-2023-24511 HIGH POC
7.5 Apr 12

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the

CVE-2022-26300 HIGH POC
7.5 Mar 17

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Rated high severity (C

CVE-2020-15897 HIGH POC
7.5 Oct 26

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attack

CVE-2019-17596 HIGH POC
7.5 Oct 24

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA

Share

CVE-2023-24510 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy