CVE-2023-3646

MEDIUM

Arista Eos < 4.28.5.1m - Out-of-Bounds Read

Title source: rule

Description

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

References (1)

Core 1

Core References

Exploit, Mitigation, Vendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088

Scores

CVSS v3 5.9

EPSS 0.0015

EPSS Percentile 34.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

arista/eos 4.28.2f - 4.28.5.1m

Published Aug 29, 2023

Tracked Since Feb 18, 2026