{
  "document": {
    "category": "security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "publisher": {
      "category": "vendor",
      "contact_details": "support@arista.com",
      "name": "Arista PSIRT",
      "namespace": "https://www.arista.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Security advisory 110 canonical URL",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
      }
    ],
    "title": "Security Advisory 110",
    "tracking": {
      "current_release_date": "2025-05-07T20:02:20Z",
      "generator": {
        "engine": {
          "name": "Arista Networks SecEng Service CSAF Generator"
        }
      },
      "id": "Arista Networks Security Advisory 110",
      "initial_release_date": "2025-05-07T20:02:20Z",
      "revision_history": [
        {
          "date": "2025-05-07T20:02:20Z",
          "number": "1",
          "summary": "Document created"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "EOS version 4.31.6",
                    "product": {
                      "name": "EOS version 4.31.6",
                      "product_id": "CSAFPID-1"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.33.1",
                    "product": {
                      "name": "EOS version 4.33.1",
                      "product_id": "CSAFPID-4"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.27.1",
                    "product": {
                      "name": "EOS version 4.27.1",
                      "product_id": "CSAFPID-5"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.32.4",
                    "product": {
                      "name": "EOS version 4.32.4",
                      "product_id": "CSAFPID-0"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.30.9",
                    "product": {
                      "name": "EOS version 4.30.9",
                      "product_id": "CSAFPID-3"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.29.10",
                    "product": {
                      "name": "EOS version 4.29.10",
                      "product_id": "CSAFPID-2"
                    }
                  }
                ],
                "category": "product_name",
                "name": "EOS"
              }
            ],
            "category": "product_family",
            "name": "Software Products"
          }
        ],
        "category": "vendor",
        "name": "Arista Networks, Inc."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-9135",
      "id": {
        "system_name": "Arista Bug ID",
        "text": "1006114"
      },
      "notes": [
        {
          "category": "description",
          "text": "Arista's implementation of BGP-LS will leak memory when flapping link state.",
          "title": "CVE Description"
        },
        {
          "category": "other",
          "text": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch#    address-family link-state\nswitch#       neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n  Description              Neighbor V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   NlriRcd NlriAcc\n  \n  brw363                   192.0.2.9 4 65550       194222    125149    0    0 01:08:41 Estab   211948 211948\n \nIf BGP Link State is not configured, there is no exposure to this issue. In that case no BGP link-state peering is shown under \"show bgp link-state summary\", as below:\n\nswitch>sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n  Description              Neighbor V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   NlriRcd NlriAcc",
          "title": "1006114: Required Config for Exploitation"
        }
      ],
      "product_status": {
        "first_affected": [
          "CSAFPID-5"
        ],
        "fixed": [
          "CSAFPID-0",
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "MITRE",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.29.10",
          "product_ids": [
            "CSAFPID-2"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.30.9",
          "product_ids": [
            "CSAFPID-3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.31.6",
          "product_ids": [
            "CSAFPID-1"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.32.4",
          "product_ids": [
            "CSAFPID-0"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.33.1",
          "product_ids": [
            "CSAFPID-4"
          ]
        },
        {
          "category": "none_available",
          "details": "Not fixed in EOS version 4.27.1",
          "product_ids": [
            "CSAFPID-5"
          ]
        },
        {
          "category": "mitigation",
          "details": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note that this should be done on affected non-AWE platforms only.\n\n1. Enter the \"bash\" shell from the EOS prompt\n2. sudo sh -c 'echo \"BgpLsConsumerDps=0\" > /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" >> /mnt/flash/toggle_override'\n3. Reload the switch or router"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-3",
            "CSAFPID-1",
            "CSAFPID-0",
            "CSAFPID-5",
            "CSAFPID-4",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2024-9135"
    }
  ]
}