#VU109392 Protection Mechanism Failure in MultiAccess FPGA software - CVE-2023-6068


Vulnerability identifier: #VU109392

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6068

CWE-ID: CWE-693

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MultiAccess FPGA software
Server applications / Other server solutions

Vendor: Arista Networks

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures when applying ACLs. Some ACL rules can be incorrectly applied to a port, so that some packets that should be denied are permitted and some packets that should be permitted are denied.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

MultiAccess FPGA software: before 1.8.0


External links
https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

