fkie_cve-2024-8000
Vulnerability from fkie_nvd
Published
2025-03-04 21:15
Modified
2025-03-04 21:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
References
psirt@arista.comhttps://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."
    },
    {
      "lang": "es",
      "value": "En las plataformas afectadas que ejecutan Arista EOS con 802.1X configurado, pueden ocurrir ciertas condiciones en las que se recibe una ACL din\u00e1mica del servidor AAA, lo que hace que solo se instale la primera l\u00ednea de la ACL despu\u00e9s de un reinicio de la Actualizaci\u00f3n de software acelerada (ASU). Nota: los solicitantes con autenticaci\u00f3n de portal cautivo pendiente durante la ASU se ver\u00edan afectados por este error."
    }
  ],
  "id": "CVE-2024-8000",
  "lastModified": "2025-03-04T21:15:12.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@arista.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-04T21:15:12.220",
  "references": [
    {
      "source": "psirt@arista.com",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
    }
  ],
  "sourceIdentifier": "psirt@arista.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ],
      "source": "psirt@arista.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.