{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11185","assignerOrgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","state":"PUBLISHED","assignerShortName":"Arista","dateReserved":"2024-11-13T17:02:27.536Z","datePublished":"2025-05-27T22:11:30.325Z","dateUpdated":"2025-05-28T13:34:52.088Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["EOS"],"product":"EOS","vendor":"Arista Networks","versions":[{"lessThanOrEqual":"4.29.10M","status":"affected","version":"4.29.0","versionType":"custom"},{"lessThanOrEqual":"4.30.9M","status":"affected","version":"4.30.0","versionType":"custom"},{"lessThanOrEqual":"4.31.6M","status":"affected","version":"4.31.0","versionType":"custom"},{"lessThanOrEqual":"4.32.3M","status":"affected","version":"4.32.0","versionType":"custom"},{"lessThanOrEqual":"4.33.1F","status":"affected","version":"4.33.0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

In order to be vulnerable to CVE-2024-11185, the following condition must be met:


IPV4 or IPV6 routing must be enabled. :

switch>show vrf

Maximum number of VRFs allowed: 1023

   VRF           Protocols       State         Interfaces

------------- --------------- ---------------- ----------

   default       IPv4           routing   Ma1      

   default       IPv6           routing   Ma1      

   


"}],"value":"In order to be vulnerable to CVE-2024-11185, the following condition must be met:\n\n\nIPV4 or IPV6 routing must be enabled. :\n\nswitch>show vrf\n\nMaximum number of VRFs allowed: 1023\n\n   VRF           Protocols       State         Interfaces\n\n------------- --------------- ---------------- ----------\n\n   default       IPv4           routing   Ma1       \n\n   default       IPv6           routing   Ma1"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.
"}],"value":"On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries."}],"impacts":[{"capecId":"CAPEC-554","descriptions":[{"lang":"en","value":"CAPEC-554 Functionality Bypass"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"cwe-1189","lang":"en"}]}],"providerMetadata":{"orgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","shortName":"Arista","dateUpdated":"2025-05-27T22:11:30.325Z"},"references":[{"url":"https://https://www.arista.com/en/support/advisories-notices/security-advisory/21411-security-advisory-0118"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades


CVE-2024-11185 has been fixed in the following releases:


"}],"value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2024-11185 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n\n\n * 4.31.7M and later releases in the 4.31.x train\n\n\n * 4.32.5M and later releases in the 4.32.x train\n\n\n * 4.33.2F and later releases in the 4.33.x train"}],"source":{"advisory":"SA118","defect":["BUG1009562"],"discovery":"INTERNAL"},"title":"On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no workarounds.
"}],"value":"There are no workarounds."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-28T13:34:42.414290Z","id":"CVE-2024-11185","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-28T13:34:52.088Z"}}]}}