Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-24509
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...
Source: NVD (National Vulnerability Database)
Vulnerability Description
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Arista Networks Extensible Operating System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista Networks Extensible Operating System(EOS)是美国Arista Networks公司的一套用于下一代数据中心和云解决方案的可扩展的操作系统。 Arista Networks Extensible Operating System存在安全漏洞,该漏洞源于该平台配备了冗余管理模块并配置了 RPR 或 SSO 冗余协议。攻击者可以利用该漏洞以根用户身份登录备用管理引擎提升权限。受影响的产品和版本:Arista EOS 4.28.3M 及以下版本,4.27.6M
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Arista NetworksArista EOS 4.23.0 4.23.13M -
II. Public POCs for CVE-2023-24509
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-24509
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Arista EOS
Same vendor: Arista Networks
Same weakness: CWE-269
V. Comments for CVE-2023-24509

No comments yet

Leave a comment