CVE-2023-5502

Vulnerability

A malicious supplicant may bypass 802.1x authentication on Arista EOS platforms when 802.1x is configured on access/trunk ports and routing is enabled on the access VLAN. This affects EOS versions from 4.17.0 onwards, including specific releases within trains 4.31.x down to 4.24.x, on affected platforms [1].

Exploitation

An attacker with network access to an affected port would need to act as a malicious supplicant. By exploiting the configuration where 802.1x authentication is active and routing is enabled on the access VLAN, the attacker can circumvent the authentication process without needing valid credentials [1].

Impact

Successful exploitation allows an attacker to bypass network access controls, potentially gaining unauthorized access to the network segment associated with the compromised port. The specific impact on confidentiality, integrity, or availability is not detailed, but unauthorized access is the primary outcome [1].

Mitigation

This vulnerability affects End-of-Life (EOL) platforms and their associated EOS versions, meaning there are no released versions of EOS that fix the issue for these products. Arista is not aware of any malicious uses of this issue in customer networks [1].