vulnerability

Security Advisory 0082

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Feb 14, 2023	Sep 4, 2024	Dec 17, 2024

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Feb 14, 2023

Added

Sep 4, 2024

Modified

Dec 17, 2024

Description

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

Solution

upgrade-solution-CVE-2023-24509

References

CVE-2023-24509
https://attackerkb.com/topics/CVE-2023-24509
URL-https://www.arista.com//en/support/advisories-notices/security-advisory/16985-security-advisory-0082

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today