CVE-2023-24512

Summary

CVE	CVE-2023-24512
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-25 21:15:00 UTC
Updated	2023-05-09 16:02:00 UTC
Description	On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Arista	32qd	-	All	All	All
Hardware	Arista	48ehs	-	All	All	All
Hardware	Arista	48lbas	-	All	All	All
Hardware	Arista	48lbs	-	All	All	All
Hardware	Arista	48s6qd	-	All	All	All
Hardware	Arista	7010t-48	-	All	All	All
Hardware	Arista	7020sr-24c2	-	All	All	All
Hardware	Arista	7020sr-32c2	-	All	All	All
Hardware	Arista	7020tr-48	-	All	All	All
Hardware	Arista	7020tra-48	-	All	All	All
Hardware	Arista	7050cx3-32s	-	All	All	All
Hardware	Arista	7050cx3m-32s	-	All	All	All
Hardware	Arista	7050qx-32s	-	All	All	All
Hardware	Arista	7050qx2-32s	-	All	All	All
Hardware	Arista	7050sx-128	-	All	All	All
Hardware	Arista	7050sx-64	-	All	All	All
Hardware	Arista	7050sx-72q	-	All	All	All
Hardware	Arista	7050sx2-128	-	All	All	All
Hardware	Arista	7050sx2-72q	-	All	All	All
Hardware	Arista	7050sx3-48c8	-	All	All	All
Hardware	Arista	7050sx3-48yc	-	All	All	All
Hardware	Arista	7050sx3-48yc12	-	All	All	All
Hardware	Arista	7050sx3-48yc8	-	All	All	All
Hardware	Arista	7050sx3-96yc8	-	All	All	All
Hardware	Arista	7050tx-48	-	All	All	All
Hardware	Arista	7050tx-64	-	All	All	All
Hardware	Arista	7050tx-72q	-	All	All	All
Hardware	Arista	7050tx2-128	-	All	All	All
Hardware	Arista	7050tx3-48c8	-	All	All	All
Hardware	Arista	7060cx-32s	-	All	All	All
Hardware	Arista	7060cx2-32s	-	All	All	All
Hardware	Arista	7060dx4-32	-	All	All	All
Hardware	Arista	7060px4-32	-	All	All	All
Hardware	Arista	7060sx2-48yc6	-	All	All	All
Hardware	Arista	7130-16g3s	-	All	All	All
Hardware	Arista	7130-48g3s	-	All	All	All
Hardware	Arista	7130-96s	-	All	All	All
Hardware	Arista	7150s-24	-	All	All	All
Hardware	Arista	7150s-52	-	All	All	All
Hardware	Arista	7150s-64	-	All	All	All
Hardware	Arista	7150sc-24	-	All	All	All
Hardware	Arista	7150sc-64	-	All	All	All
Hardware	Arista	7160-32cq	-	All	All	All
Hardware	Arista	7160-48tc6	-	All	All	All
Hardware	Arista	7160-48yc6	-	All	All	All
Hardware	Arista	7170-32c	-	All	All	All
Hardware	Arista	7170-32cd	-	All	All	All
Hardware	Arista	7170-64c	-	All	All	All
Hardware	Arista	7170b-64c	-	All	All	All
Hardware	Arista	720df-48y	-	All	All	All
Hardware	Arista	720dp-24s	-	All	All	All
Hardware	Arista	720dp-48s	-	All	All	All
Hardware	Arista	720dt-24s	-	All	All	All
Hardware	Arista	720dt-48s	-	All	All	All
Hardware	Arista	720xp-24y6	-	All	All	All
Hardware	Arista	720xp-24zy4	-	All	All	All
Hardware	Arista	720xp-48y6	-	All	All	All
Hardware	Arista	720xp-48zc2	-	All	All	All
Hardware	Arista	720xp-96zc2	-	All	All	All
Hardware	Arista	7250qx-64	-	All	All	All
Hardware	Arista	7260cx	-	All	All	All
Hardware	Arista	7260cx3	-	All	All	All
Hardware	Arista	7260qx	-	All	All	All
Hardware	Arista	7260sx2	-	All	All	All
Hardware	Arista	7280cr2k-60	-	All	All	All
Hardware	Arista	7280cr3-32d4	-	All	All	All
Hardware	Arista	7280cr3-32p4	-	All	All	All
Hardware	Arista	7280cr3-96	-	All	All	All
Hardware	Arista	7280cr3k-32d4	-	All	All	All
Hardware	Arista	7280cr3k-32p4	-	All	All	All
Hardware	Arista	7280cr3k-96	-	All	All	All
Hardware	Arista	7280dr3-24	-	All	All	All
Hardware	Arista	7280dr3k-24	-	All	All	All
Hardware	Arista	7280e	-	All	All	All
Hardware	Arista	7280pr3-24	-	All	All	All
Hardware	Arista	7280pr3k-24	-	All	All	All
Hardware	Arista	7280sr3-48yc8	-	All	All	All
Hardware	Arista	7280sr3k-48yc8	-	All	All	All
Hardware	Arista	7300x-32q	-	All	All	All
Hardware	Arista	7300x-64s	-	All	All	All
Hardware	Arista	7300x-64t	-	All	All	All
Hardware	Arista	7300x3-32c	-	All	All	All
Hardware	Arista	7300x3-48yc4	-	All	All	All
Hardware	Arista	7320x-32c	-	All	All	All
Hardware	Arista	7358x4	-	All	All	All
Hardware	Arista	7368x4	-	All	All	All
Hardware	Arista	7388x5	-	All	All	All
Hardware	Arista	7500r3-24d	-	All	All	All
Hardware	Arista	7500r3-24p	-	All	All	All
Hardware	Arista	7500r3-36cq	-	All	All	All
Hardware	Arista	7500r3k-36cq	-	All	All	All
Hardware	Arista	7804r3	-	All	All	All
Hardware	Arista	7808r3	-	All	All	All
Hardware	Arista	7812r3	-	All	All	All
Hardware	Arista	7816r3	-	All	All	All
Hardware	Arista	96lbs	-	All	All	All
Application	Arista	Ceos-lab	All	All	All	All
Application	Arista	Cloudeos	-	All	All	All
Hardware	Arista	Dcs-7010tx-48	-	All	All	All
Hardware	Arista	Dcs-7500-12cq-lc	-	All	All	All
Hardware	Arista	Dcs-7500e-12cm-lc	-	All	All	All
Hardware	Arista	Dcs-7500e-36q-lc	-	All	All	All
Hardware	Arista	Dcs-7500e-48s-lc	-	All	All	All
Hardware	Arista	Dcs-7500e-6c2-lc	-	All	All	All
Hardware	Arista	Dcs-7500e-72s-lc	-	All	All	All
Hardware	Arista	Dcs-7500r-36cq-lc	-	All	All	All
Hardware	Arista	Dcs-7500r-36q-lc	-	All	All	All
Hardware	Arista	Dcs-7500r-48s2cq-lc	-	All	All	All
Operating System	Arista	Eos	All	All	All	All
Application	Arista	Veos-lab	-	All	All	All

References

Reference	Source	Link	Tags
Security Advisory 0086 - Arista	MISC	www.arista.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

44069 Arista EOS Improper Access Control Vulnerability (SA0086)