7.5

CVE-2023-3646

Exploit

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

Data is provided by the National Vulnerability Database (NVD)
AristaEos Version >= 4.28.2f <= 4.28.5.1m
   Arista7280cr3-32d4 Version-
   Arista7280cr3-32p4 Version-
   Arista7280cr3-36s Version-
   Arista7280cr3-96 Version-
   Arista7280cr3a-24d12 Version-
   Arista7280cr3a-48d6 Version-
   Arista7280cr3a-72 Version-
   Arista7280dr3-24 Version-
   Arista7280dr3a-36 Version-
   Arista7280dr3a-54 Version-
   Arista7280dr3ak-36 Version-
   Arista7280dr3ak-54 Version-
   Arista7280dr3am-36 Version-
   Arista7280dr3am-54 Version-
   Arista7280pr3-24 Version-
   Arista7280r3 Version-
   Arista7280sr3-40yc6 Version-
   Arista7280sr3-48yc8 Version-
   Arista7280tr3-40c6 Version-
   Arista7289r3a-sc Version-
   Arista7289r3ak-sc Version-
   Arista7289r3am-sc Version-
   Arista7500r3-24d Version-
   Arista7500r3-24p Version-
   Arista7500r3-36cq Version-
   Arista7500r3k-36cq Version-
   Arista7500r3k-48y4d Version-
   Arista7504r3 Version-
   Arista7508r3 Version-
   Arista7512r3 Version-
   Arista7800r3-36d Version-
   Arista7800r3-36p Version-
   Arista7800r3-48cq Version-
   Arista7800r3a-36d Version-
   Arista7800r3a-36dm Version-
   Arista7800r3a-36p Version-
   Arista7800r3a-36pm Version-
   Arista7800r3ak-36dm Version-
   Arista7800r3ak-36pm Version-
   Arista7800r3k-36dm Version-
   Arista7800r3k-48cq Version-
   Arista7800r3k-48cqms Version-
   Arista7800r3k-72y7512r3 Version-
   Arista7808r3 Version-
   Arista7812r3 Version-
   Arista7816r3 Version-
AristaEos Version >= 4.29.0 < 4.29.2f
   Arista7280cr3-32d4 Version-
   Arista7280cr3-32p4 Version-
   Arista7280cr3-36s Version-
   Arista7280cr3-96 Version-
   Arista7280cr3a-24d12 Version-
   Arista7280cr3a-48d6 Version-
   Arista7280cr3a-72 Version-
   Arista7280dr3-24 Version-
   Arista7280dr3a-36 Version-
   Arista7280dr3a-54 Version-
   Arista7280dr3ak-36 Version-
   Arista7280dr3ak-54 Version-
   Arista7280dr3am-36 Version-
   Arista7280dr3am-54 Version-
   Arista7280pr3-24 Version-
   Arista7280r3 Version-
   Arista7280sr3-40yc6 Version-
   Arista7280sr3-48yc8 Version-
   Arista7280tr3-40c6 Version-
   Arista7289r3a-sc Version-
   Arista7289r3ak-sc Version-
   Arista7289r3am-sc Version-
   Arista7500r3-24d Version-
   Arista7500r3-24p Version-
   Arista7500r3-36cq Version-
   Arista7500r3k-36cq Version-
   Arista7500r3k-48y4d Version-
   Arista7504r3 Version-
   Arista7508r3 Version-
   Arista7512r3 Version-
   Arista7800r3-36d Version-
   Arista7800r3-36p Version-
   Arista7800r3-48cq Version-
   Arista7800r3a-36d Version-
   Arista7800r3a-36dm Version-
   Arista7800r3a-36p Version-
   Arista7800r3a-36pm Version-
   Arista7800r3ak-36dm Version-
   Arista7800r3ak-36pm Version-
   Arista7800r3k-36dm Version-
   Arista7800r3k-48cq Version-
   Arista7800r3k-48cqms Version-
   Arista7800r3k-72y7512r3 Version-
   Arista7808r3 Version-
   Arista7812r3 Version-
   Arista7816r3 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.15% 0.363
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@arista.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.