Resource management error in Arista Extensible Operating System (EOS) - CVE-2024-6437


Published: May 17, 2025


Vulnerability identifier: #VU109381
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-6437
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Arista Networks
Affected software:
Arista Extensible Operating System (EOS)

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling traffic redirection. A remote attacker can send packets that bypass the feature's set nexthop action: the packets are trapped to the CPU and slow-path forwarded (FIB routed) by the kernel instead of following the redirect action's destination.

Successful exploitation of the vulnerability requires one of the following features configured to redirect IP traffic to a next hop:

- policy-based routing (PBR)
- BGP Flowspec
- interface traffic policy


How to mitigate CVE-2024-6437

Install updates from the vendor's website.

Sources