CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-6437: On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (...

5.8 CVSS

Description

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination.

Classification

CVE ID: CVE-2024-6437

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.8

Affected Products

Vendor: Arista Networks

Product: EOS-Policy Based Routing (PBR)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.47% (scored less or equal to compared to others)

EPSS Date: 2025-02-08 (when was this score calculated)

References

https://www.arista.com/en/support/advisories-notices/security-advisory/20689-security-advisory-0108

Timeline

2025-01-11 00:30:56 UTC
CVE

On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (...