CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-24509

CVSS 9.3v3.1pub. 2023-04-13upd. 2024-11-21

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Arista 704x3

    HW
    Arista
    wszystkie wersje
  • Arista 7304x

    HW
    Arista
    wszystkie wersje
  • Arista 7304x3

    HW
    Arista
    wszystkie wersje
  • Arista 7308x

    HW
    Arista
    wszystkie wersje
  • Arista 7316x

    HW
    Arista
    wszystkie wersje
  • Arista 7324x

    HW
    Arista
    wszystkie wersje
  • Arista 7328x

    HW
    Arista
    wszystkie wersje
  • Arista 7504r

    HW
    Arista
    wszystkie wersje
  • Arista 7504r3

    HW
    Arista
    wszystkie wersje
  • Arista 7508r

    HW
    Arista
    wszystkie wersje
  • Arista 7508r3

    HW
    Arista
    wszystkie wersje
  • Arista 7512r

    HW
    Arista
    wszystkie wersje
  • Arista 7512r3

    HW
    Arista
    wszystkie wersje
  • Arista 7516r

    HW
    Arista
    wszystkie wersje
  • Arista 755x

    HW
    Arista
    wszystkie wersje
  • Arista 758x

    HW
    Arista
    wszystkie wersje
  • Arista 7804r3

    HW
    Arista
    wszystkie wersje
  • Arista 7808r3

    HW
    Arista
    wszystkie wersje
  • Arista 7812r3

    HW
    Arista
    wszystkie wersje
  • Arista 7816r3

    HW
    Arista
    wszystkie wersje
  • Arista Eos

    OS
    Arista
    4.28.0 – 4.28.4m (bez)4.27.0 – 4.27.7m (bez)4.26.0 – 4.26.9m (bez)4.25.0 – 4.25.10m (bez)4.24.0 – 4.24.11m (bez)4.23 – 4.23.13m
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...

CVE-2021-28506CRITICAL9.1ten sam produkt

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and...

CVE-2021-28500CRITICAL9.1ten sam produkt

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConf...

CVE-2020-10188CRITICAL9.8ten sam produkt

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short...