#VU109381 Resource management error in Arista Extensible Operating System (EOS) - CVE-2024-6437


Published: May 17, 2025


Vulnerability identifier: #VU109381
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-6437
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of packets that are trapped to the CPU while a traffic-redirect feature is configured in EOS. Instead of following the redirect action's destination, such packets bypass the feature's set nexthop action and are slow-path forwarded (FIB routed) by the kernel. A remote attacker can send packets that are trapped to the CPU so that they are forwarded along the FIB path rather than to the configured next hop, and use this behaviour to perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that one of the following features is configured to redirect IP traffic to a next hop:

- policy-based routing (PBR)

- BGP Flowspec

- interface traffic policy
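A quick way to triage exposure across a fleet is to check each device's running-config for the three preconditions above. The script below is an added example, not part of this advisory or of Arista's tooling: it walks a constructed EOS-style running-config, reports PBR maps and traffic policies that both contain a next-hop redirect and are bound to an interface, and flags a BGP Flowspec address family. The CLI syntax used in the sample (`policy-map type pbr` / `set nexthop`, `traffic-policies` / `redirect next-hop`, `address-family flow-spec ipv4`) is reproduced from EOS conventions as understood by the author and should be checked against your device; the function only confirms that a redirect feature is in use, not that the running EOS release is affected.

```python
import re
from typing import Dict, Iterator, List, Set, Tuple

# Constructed sample running-config (not captured from a real device) that
# exercises all three redirect features named in the advisory. Command syntax
# is an assumption based on EOS conventions; verify against your platform.
SAMPLE_CONFIG = """\
hostname edge-1
!
policy-map type pbr PBR-TO-SCRUBBER
   10 class SUSPECT-SRC
      set nexthop 192.0.2.10
!
traffic-policies
   traffic-policy TP-EDGE
      match M1 ipv4
         destination prefix 198.51.100.0/24
         actions
            redirect next-hop 192.0.2.20
!
interface Ethernet1
   service-policy type pbr input PBR-TO-SCRUBBER
!
interface Ethernet2
   traffic-policy input TP-EDGE
!
router bgp 65000
   neighbor 203.0.113.1 remote-as 65001
   address-family flow-spec ipv4
      neighbor 203.0.113.1 activate
!
"""

# Constructed negative sample: a PBR map that sets a next hop but is never
# applied to an interface, so no traffic is actually being redirected.
SAMPLE_CONFIG_UNAPPLIED = """\
policy-map type pbr PBR-UNUSED
   10 class ANY
      set nexthop 192.0.2.30
!
interface Ethernet1
   no switchport
!
"""

_TOP_LEVEL = re.compile(r"^\S")


def _stanza_lines(config: str) -> Iterator[Tuple[str, str]]:
    """Yield (top-level header, stripped line) for every indented config line.

    EOS marks top-level stanzas by zero indentation and separates them with '!'.
    """
    header = ""
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if _TOP_LEVEL.match(raw):
            header = stripped
            continue
        yield header, stripped


def find_redirect_features(config: str) -> Dict[str, List[str]]:
    """Return the redirect features that are actively configured.

    Keys are 'pbr', 'traffic-policy' and 'bgp-flowspec'; values list the
    PBR maps / traffic policies that are both defined with a next-hop
    redirect and applied to an interface, or the Flowspec address-family
    line. An empty dict means none of the advisory's preconditions appear.
    """
    pbr_defined: Set[str] = set()
    pbr_applied: Set[str] = set()
    tp_defined: Set[str] = set()
    tp_applied: Set[str] = set()
    flowspec_lines: List[str] = []
    current_tp = ""

    for header, line in _stanza_lines(config):
        if header.startswith("policy-map type pbr ") and line.startswith("set nexthop "):
            pbr_defined.add(header.split()[-1])
        elif header.startswith("interface ") and line.startswith("service-policy type pbr "):
            pbr_applied.add(line.split()[-1])
        elif header == "traffic-policies":
            if line.startswith("traffic-policy "):
                current_tp = line.split()[1]
            elif line.startswith("redirect next-hop ") and current_tp:
                tp_defined.add(current_tp)
        elif header.startswith("interface ") and line.startswith("traffic-policy "):
            tp_applied.add(line.split()[-1])
        elif header.startswith("router bgp ") and line.startswith("address-family flow-spec"):
            flowspec_lines.append(line)

    found: Dict[str, List[str]] = {}
    if pbr_defined & pbr_applied:
        found["pbr"] = sorted(pbr_defined & pbr_applied)
    if tp_defined & tp_applied:
        found["traffic-policy"] = sorted(tp_defined & tp_applied)
    if flowspec_lines:
        found["bgp-flowspec"] = flowspec_lines
    return found


def is_exposed(config: str) -> bool:
    """True if at least one redirect feature from the advisory is active."""
    return bool(find_redirect_features(config))


if __name__ == "__main__":
    print(find_redirect_features(SAMPLE_CONFIG))
    print(is_exposed(SAMPLE_CONFIG_UNAPPLIED))
```

Feed the output of `show running-config` into `find_redirect_features` for each device; a non-empty result means the device meets a precondition and its EOS release should be compared against the fixed versions in the vendor advisory.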


Remediation

Install updates from the vendor's website.

External links