
Description

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX, causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have high-privilege access to the connected switch to be able to send custom TCP packets to the CVX.

PUBLISHED Reserved 2025-05-22 | Published 2026-06-05 | Updated 2026-06-05 | Assigner Arista




MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

HIGH: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-20: Improper Input Validation

Product status

Default status: unaffected

4.34.0F (custom): affected

4.33.0M (custom): affected

4.32.0M (custom): affected

4.31.0 (custom) before 4.32.0: affected

4.30.0 (custom) before 4.31.0: affected

References

www.arista.com/...rity-advisory/22868-security-advisory-0126 vendor-advisory

cve.org (CVE-2025-5090)

nvd.nist.gov (CVE-2025-5090)
