{"api_version":"1","generated_at":"2026-04-22T22:49:47+00:00","cve":"CVE-2023-24548","urls":{"html":"https://cve.report/CVE-2023-24548","api":"https://cve.report/api/cve/CVE-2023-24548.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-24548","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-24548"},"summary":{"title":"CVE-2023-24548","description":"On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.","state":"PUBLIC","assigner":"psirt@arista.com","published_at":"2023-08-29 17:15:00","updated_at":"2023-09-05 18:52:00"},"problem_types":["CWE-120"],"metrics":[],"references":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089","name":"https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089","refsource":"MISC","tags":[],"title":"Security Advisory 0089 - Arista","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-24548","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24548","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3-32d4","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3-32p4","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3-36s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3-96","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3a-24d12","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3a-48d6","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280cr3a-72","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3-24","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3a-36","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3a-54","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3ak-36","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3ak-54","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3am-36","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280dr3am-54","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280pr3-24","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280sr3-40yc6","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280sr3-48yc8","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7280tr3-40c6","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7500r3-24d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7500r3-24p","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7500r3-36cq","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7500r3k-36cq","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7500r3k-48y4d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7504r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7508r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7512r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3-36d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3-36p","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3-48cq","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3a-36d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3a-36dm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3a-36p","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3a-36pm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3ak-36dm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3ak-36pm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3k-36dm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3k-48cq","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3k-48cqms","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7800r3k-72y7512r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7808r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7812r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"arista","cpe5":"7816r3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"arista","cpe5":"eos","cpe6":"4.25.0f","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"1","versionEndIncluding":"4.22.13m","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"arista","cpe5":"eos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"1","versionEndIncluding":"4.23.14m","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"arista","cpe5":"eos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"24548","vulnerable":"1","versionEndIncluding":"4.24.11m","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"arista","cpe5":"eos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-24548","qid":"44109","title":"Arista EOS Buffer Copy Without Checking Size of Input Vulnerability (SA0089)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-24548","ASSIGNER":"psirt@arista.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","cweId":"CWE-120"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Arista Networks","product":{"product_data":[{"product_name":"EOS","version":{"version_data":[{"version_affected":"<=","version_name":"4.25.0F","version_value":"=4.25.0F"},{"version_affected":"<=","version_name":"4.24.0","version_value":"<=4.24.11M"},{"version_affected":"<=","version_name":"4.23.0","version_value":"<=4.23.14M"},{"version_affected":"<=","version_name":"4.22.1F","version_value":"<=4.22.13M"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089","refsource":"MISC","name":"https://www.arista.com/en/support/advisories-notices/security-advisory/18043-security-advisory-0089"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"Security Advisory 89","defect":["828687"],"discovery":"INTERNAL"},"configuration":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<b><p><span style=\"background-color: transparent;\">In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:</span></p><br><p><span style=\"background-color: transparent;\">IP routing should be enabled:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">Switch&gt; show running-config section ip routing</span></p><p><span style=\"background-color: transparent;\">ip routing</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN should be configured - a sample configuration is found below:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Loopback interface configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section loopback</span></p><p><span style=\"background-color: transparent;\">interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 10.0.0.1/32</span></p><br><p><span style=\"background-color: transparent;\"># VXLAN VTEP configuration</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vxlan</span></p><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan source-interface Loopback0</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan udp-port 4789</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan flood vtep 10.0.0.2</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">AND</span></p><br><p><span style=\"background-color: transparent;\">VXLAN extended VLAN or VNI must be routable - two examples are shown below:</span><span style=\"background-color: transparent;\">&nbsp;</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\"># Overlay interface</span></p><p><span style=\"background-color: transparent;\">switch&gt; show running-config section vlan</span></p><p><span style=\"background-color: transparent;\">vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Ethernet1/1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;switchport access vlan 100</span></p><p><span style=\"background-color: transparent;\">interface Vlan100</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;ip address 1.0.0.1/24</span></p><br><p><span style=\"background-color: transparent;\">Interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; vxlan vlan 100 vni 100000</span></p></td></tr></tbody></table></div><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show running-config section red</span></p><p><span style=\"background-color: transparent;\">vrf instance red</span></p><p><span style=\"background-color: transparent;\">ip routing vrf red</span></p><br><p><span style=\"background-color: transparent;\">interface Vxlan1</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp;vxlan vrf red vni 200000</span></p></td></tr></tbody></table></div><br><br><p><span style=\"background-color: transparent;\">Whether such a configuration exists can be checked as follows:</span></p><br><div><table><tbody><tr><td><p><span style=\"background-color: transparent;\">switch&gt; show vxlan vni</span></p><p><span style=\"background-color: transparent;\">VNI to VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; Source &nbsp; &nbsp; &nbsp; Interface &nbsp; &nbsp; &nbsp; &nbsp; 802.1Q Tag</span></p><p><span style=\"background-color: transparent;\">------------ ---------- ------------ ----------------- ----------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; static &nbsp; &nbsp; &nbsp; Ethernet1/1 &nbsp; &nbsp; &nbsp; untagged</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Vxlan1  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 100</span></p><br><p><span style=\"background-color: transparent;\">VNI to dynamic VLAN Mapping for Vxlan1</span></p><p><span style=\"background-color: transparent;\">VNI  &nbsp; &nbsp; &nbsp; &nbsp; VLAN &nbsp; &nbsp; &nbsp; VRF &nbsp; &nbsp; &nbsp; Source</span></p><p><span style=\"background-color: transparent;\">------------ ---------- --------- ------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">200000</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; red &nbsp; &nbsp; &nbsp; evpn</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show vlan</span></p><p><span style=\"background-color: transparent;\">VLAN  Name &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status  &nbsp; Ports</span></p><p><span style=\"background-color: transparent;\">----- -------------------------------- --------- -------------------------------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">100</span><span style=\"background-color: transparent;\"> &nbsp; VLAN0100 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">1006</span><span style=\"background-color: transparent;\">* VLAN1006 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; active  &nbsp; Cpu, </span><span style=\"background-color: rgb(255, 255, 0);\">Vx1</span></p><br><br><p><span style=\"background-color: transparent;\">switch&gt; show ip interface brief</span></p><p><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Address</span></p><p><span style=\"background-color: transparent;\">Interface &nbsp; &nbsp; &nbsp; &nbsp; IP Address  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Status &nbsp; &nbsp; &nbsp; Protocol  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MTU  &nbsp; Owner</span></p><p><span style=\"background-color: transparent;\">----------------- --------------------- ------------ -------------- ----------- -------</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan100</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1.0.0.1/24  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 1500</span></p><p><span style=\"background-color: rgb(255, 255, 0);\">Vlan1006</span><span style=\"background-color: transparent;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; unassigned  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; </span><span style=\"background-color: rgb(255, 255, 0);\">up</span><span style=\"background-color: transparent;\"> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; up  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 10168</span></p></td></tr></tbody></table></div><br><p><span style=\"background-color: transparent;\">From the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.</span></p></b><br><br>"}],"value":"In order to be vulnerable to CVE-2023-24548, the following three conditions must be met:\n\n\nIP routing should be enabled:\n\n\nSwitch> show running-config section ip routing\n\nip routing\n\n\n\n\nAND\n\n\nVXLAN should be configured - a sample configuration is found below:\n\n\n# Loopback interface configuration\n\nswitch> show running-config section loopback\n\ninterface Loopback0\n\n   ip address 10.0.0.1/32\n\n\n# VXLAN VTEP configuration\n\nswitch> show running-config section vxlan\n\ninterface Vxlan1\n\n   vxlan source-interface Loopback0\n\n   vxlan udp-port 4789\n\n   vxlan flood vtep 10.0.0.2\n\n\n\n\nAND\n\n\nVXLAN extended VLAN or VNI must be routable - two examples are shown below: \n\n\n# Overlay interface\n\nswitch> show running-config section vlan\n\nvlan 100\n\ninterface Ethernet1/1\n\n   switchport access vlan 100\n\ninterface Vlan100\n\n   ip address 1.0.0.1/24\n\n\nInterface Vxlan1\n\n  vxlan vlan 100 vni 100000\n\n\n\n\nswitch> show running-config section red\n\nvrf instance red\n\nip routing vrf red\n\n\ninterface Vxlan1\n\n   vxlan vrf red vni 200000\n\n\n\n\n\nWhether such a configuration exists can be checked as follows:\n\n\nswitch> show vxlan vni\n\nVNI to VLAN Mapping for Vxlan1\n\nVNI          VLAN       Source       Interface         802.1Q Tag\n\n------------ ---------- ------------ ----------------- ----------\n\n100000       100        static       Ethernet1/1       untagged\n\n                                     Vxlan1            100\n\n\nVNI to dynamic VLAN Mapping for Vxlan1\n\nVNI          VLAN       VRF       Source\n\n------------ ---------- --------- ------------\n\n200000       1006       red       evpn\n\n\n\nswitch> show vlan\n\nVLAN  Name                             Status    Ports\n\n----- -------------------------------- --------- -------------------------------\n\n100   VLAN0100                         active    Cpu, Vx1\n\n1006* VLAN1006                         active    Cpu, Vx1\n\n\n\nswitch> show ip interface brief\n\n                                                                               Address\n\nInterface         IP Address            Status       Protocol            MTU    Owner\n\n----------------- --------------------- ------------ -------------- ----------- -------\n\nVlan100           1.0.0.1/24            up           up                 1500\n\nVlan1006          unassigned            up           up                10168\n\n\n\n\nFrom the above outputs, it can be seen that IP routing is enabled, VXLAN is configured, and VNIs 100000 (mapped to VLAN 100) and 200000 (mapped to VRF red) are routable.\n\n\n\n"}],"work_around":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<b><span style=\"background-color: transparent;\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.</span></b><br>"}],"value":"There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n"}],"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<b><p><span style=\"background-color: transparent;\">The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"><span style=\"background-color: transparent;\">EOS User Manual: Upgrades and Downgrades</span></a></p><br><p><span style=\"background-color: transparent;\">CVE-2023-24548 has been fixed in the following releases:</span></p><ul><li><p><span style=\"background-color: transparent;\">4.30.0F and later releases in the 4.30.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.29.0F and later releases in the 4.29.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.28.0F and later releases in the 4.28.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.27.0F and later releases in the 4.27.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.26.0F and later releases in the 4.26.x train</span></p></li><li><p><span style=\"background-color: transparent;\">4.25.1F and later releases in the 4.25.x train</span></p></li></ul><span style=\"background-color: transparent;\">No remediation is planned for EOS software versions that are beyond their </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy\"><span style=\"background-color: transparent;\">standard EOS support lifecycle</span></a><span style=\"background-color: transparent;\"> (i.e. 4.22, 4.23).</span></b><br>"}],"value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2023-24548 has been fixed in the following releases:\n\n  *  4.30.0F and later releases in the 4.30.x train\n\n\n  *  4.29.0F and later releases in the 4.29.x train\n\n\n  *  4.28.0F and later releases in the 4.28.x train\n\n\n  *  4.27.0F and later releases in the 4.27.x train\n\n\n  *  4.26.0F and later releases in the 4.26.x train\n\n\n  *  4.25.1F and later releases in the 4.25.x train\n\n\n\n\nNo remediation is planned for EOS software versions that are beyond their  standard EOS support lifecycle https://www.arista.com/en/support/product-documentation/eos-life-cycle-policy  (i.e. 4.22, 4.23).\n"}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-08-29 17:15:00","lastModifiedDate":"2023-09-05 18:52:00","problem_types":["CWE-120"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*","versionStartIncluding":"4.22.1f","versionEndIncluding":"4.22.13m","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*","versionStartIncluding":"4.23.0","versionEndIncluding":"4.23.14m","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*","versionStartIncluding":"4.24.0","versionEndIncluding":"4.24.11m","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:arista:eos:4.25.0f:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}