CVE-2023-6068 - OpenCVE

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Arista

Published: 2024-03-04T19:44:08.620Z

Updated: 2024-06-28T01:32:30.968Z

Reserved: 2023-11-09T23:06:28.873Z

Link: CVE-2023-6068

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-04T20:15:50.267

Modified: 2024-03-05T13:41:01.900

Link: CVE-2023-6068

JSON object: View

Redhat Information

No data.

CWE

CWE-283

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6068", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2023-11-09T23:06:28.873Z", "datePublished": "2024-03-04T19:44:08.620Z", "dateUpdated": "2024-06-28T01:32:30.968Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["MultiAccess FPGA Software"], "product": "MOS", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "1.7.1"}, {"status": "affected", "version": "1.6"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In order to be vulnerable to CVE-2023-6068, the following condition must be met:</p><p>MOS must be configured with MultiAccess FPGA software versions 1.7.1 or 1.6.x and can be determined by running the show version command and referring to the highlighted section as shown below.</p><pre>switch(config)#show version\nDevice: Metamako MetaMux 48 with L-Series\nSKU: DCS-7130-48LB\nSerial number: M48LB-A3-27719-4\n \nSoftware image version: 0.39.0alpha4\nInternal build ID: master+9345\n<span style=\"background-color: rgb(255, 255, 0);\">Applications: multiaccess-1.7.1</span></pre><br>"}], "value": "In order to be vulnerable to CVE-2023-6068, the following condition must be met:\n\nMOS must be configured with MultiAccess FPGA software versions 1.7.1 or 1.6.x and can be determined by running the show version command and referring to the highlighted section as shown below.\n\nswitch(config)#show version\nDevice: Metamako MetaMux 48 with L-Series\nSKU: DCS-7130-48LB\nSerial number: M48LB-A3-27719-4\n \nSoftware image version: 0.39.0alpha4\nInternal build ID: master+9345\nApplications: multiaccess-1.7.1\n\n\n"}], "datePublic": "2023-02-20T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL\u2019s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some"}], "value": "On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL\u2019s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.</span><br>"}], "value": "This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.\n"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-283", "description": "CWE-283", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2024-03-04T19:44:08.620Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.</p><p>CVE-2023-6068 has been fixed in the following releases:</p><ul><li>MultiAccess FPGA 1.8.0 and later</li></ul><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nCVE-2023-6068 has been fixed in the following releases:\n\n * MultiAccess FPGA 1.8.0 and later\n\n\n\n"}], "source": {"defect": ["BUG 869667"], "discovery": "INTERNAL"}, "title": "On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL\u2019s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied.</p><p>Run the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added:</p><pre>switch(config-app-multiaccess)#shut\nswitch(config-app-multiaccess)<span style=\"background-color: rgb(255, 255, 0);\">#multiaccess-group 0 client 0 access-list new_acl_if_need</span>\nswitch(config-app-multiaccess)#no shut\n</pre><p>The previous applied access control lists will automatically apply after FPGA reload.</p><br>"}], "value": "The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied.\n\nRun the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added:\n\nswitch(config-app-multiaccess)#shut\nswitch(config-app-multiaccess)#multiaccess-group 0 client 0 access-list new_acl_if_need\nswitch(config-app-multiaccess)#no shut\n\n\nThe previous applied access control lists will automatically apply after FPGA reload.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-04T21:18:50.615802Z", "id": "CVE-2023-6068", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T01:32:30.968Z"}}]}}