CVE-2023-24509

{"id": "CVE-2023-24509", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2023-04-13T20:15:08.843", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "psirt@arista.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability."}], "lastModified": "2023-04-25T14:19:44.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arista:704x3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7C0C33F-72A7-41CA-A666-1CEC9F0FE02F"}, {"criteria": "cpe:2.3:h:arista:7304x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65C6E0C9-7F81-4CE3-BD46-7939667E5969"}, {"criteria": "cpe:2.3:h:arista:7304x3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78FE473B-CA6E-4E8D-8DBF-676B1ECBB185"}, {"criteria": "cpe:2.3:h:arista:7308x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7A8ABF1-ADF4-474D-B01B-8BB271E1263E"}, {"criteria": "cpe:2.3:h:arista:7316x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73ECE6D6-12E5-4396-9C19-3B2E08E13147"}, {"criteria": "cpe:2.3:h:arista:7324x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8862F74-E399-41EE-A081-62D99A7C1755"}, {"criteria": "cpe:2.3:h:arista:7328x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F16261D-639F-4CAB-BDA6-EF3F277E663C"}, {"criteria": "cpe:2.3:h:arista:7504r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD1F369D-93BF-4259-99F5-97FBEF79BBA5"}, {"criteria": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8387CCEA-F00C-4F1F-B966-ACF8B16F1D22"}, {"criteria": "cpe:2.3:h:arista:7508r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F35978B6-889C-47DB-971B-B2A12FF537E0"}, {"criteria": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55AE2A1C-A4FD-423B-A77E-2E24C2310A6A"}, {"criteria": "cpe:2.3:h:arista:7512r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2360E039-5F12-4210-8578-7EBDA4575A6E"}, {"criteria": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C4B0D708-B426-4CA1-BE87-08BD14B7EACE"}, {"criteria": "cpe:2.3:h:arista:7516r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D45E5E5-7EB9-41E7-8EEE-570E6646EDDD"}, {"criteria": "cpe:2.3:h:arista:755x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "585E3617-2B1F-4E58-853A-0E9703B91B80"}, {"criteria": "cpe:2.3:h:arista:758x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13B1D90C-73CC-49A2-B202-B07D96226729"}, {"criteria": "cpe:2.3:h:arista:7804r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A54F3D32-5A07-4791-90BF-96BD8A24C2F6"}, {"criteria": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F078B04-2DA0-4A4B-BB1A-408DC14CB61F"}, {"criteria": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E9B99200-EC76-404E-9900-5D1DC3B9A758"}, {"criteria": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A172A49-1A0E-464B-BDDD-A8F52856D595"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "498704F8-24D4-48C9-A5CB-4A8F7054AA49", "versionEndIncluding": "4.23.13m", "versionStartIncluding": "4.23"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8923F137-B1BA-49FF-A100-AD357966EE4F", "versionEndExcluding": "4.24.11m", "versionStartIncluding": "4.24.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D6EA8CE-BAA4-4B4D-8A9F-A65018FC6B3A", "versionEndExcluding": "4.25.10m", "versionStartIncluding": "4.25.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "659190E5-DFB0-4172-BD6F-1B9E22533CE5", "versionEndExcluding": "4.26.9m", "versionStartIncluding": "4.26.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20966F67-1C70-458C-A4EF-02612345DE48", "versionEndExcluding": "4.27.7m", "versionStartIncluding": "4.27.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F57FAA3-518C-498C-9580-19A207C8F176", "versionEndExcluding": "4.28.4m", "versionStartIncluding": "4.28.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@arista.com"}