PT-2025-3683 · Arista · Arista EOS

Published 2025-01-10 · Updated 2025-01-11 · CVE-2024-6437

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Arista EOS versions prior to 4.32.1F

Description

The issue affects Arista EOS platforms with features like policy-based routing (PBR), BGP Flowspec, or interface traffic policy configured to redirect IP traffic to a next hop. Certain IP traffic, such as IPv4 packets with IP options, may bypass the feature's set nexthop action and be slow-path forwarded by the kernel, instead of following the redirect action's destination.

Recommendations

For Arista EOS versions prior to 4.32.1F, update to a version that contains a fix for this issue to prevent IP traffic from bypassing the configured redirect actions. As a temporary workaround, consider restricting the use of features like policy-based routing (PBR), BGP Flowspec, or interface traffic policy to minimize the risk of exploitation.
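
To judge exposure, it helps to know whether traffic that should match a redirect policy carries IPv4 options at all. The following is an added example, not part of the original advisory or any Arista code: it parses raw IPv4 header bytes (for instance taken from a capture ahead of the redirecting interface) and reports the options present. The function names and the sample headers are constructed for illustration.

```python
import struct

# Common IPv4 option types (RFC 791, RFC 2113); unknown types are shown by number.
OPTION_NAMES = {1: "NOP", 7: "Record Route", 68: "Timestamp",
                131: "Loose Source Route", 137: "Strict Source Route",
                148: "Router Alert"}

def ipv4_options(packet: bytes):
    """Return the option type numbers carried in an IPv4 header.

    [] means a plain 20-byte header; None means the bytes are not a
    well-formed IPv4 header (wrong version, bad IHL, truncated option).
    """
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    end = ihl * 4                          # header length in bytes
    if version != 4 or ihl < 5 or len(packet) < end:
        return None
    found, i = [], 20
    while i < end:
        kind = packet[i]
        if kind == 0:                      # End of Option List, rest is padding
            break
        if kind == 1:                      # NOP is a single byte with no length
            found.append(kind)
            i += 1
            continue
        if i + 1 >= end or packet[i + 1] < 2 or i + packet[i + 1] > end:
            return None                    # option length runs past the header
        found.append(kind)
        i += packet[i + 1]
    return found

def describe(packet: bytes) -> str:
    """One-line verdict for a packet, suitable for a capture review report."""
    opts = ipv4_options(packet)
    if opts is None:
        return "malformed"
    if not opts:
        return "no options"
    return "options: " + ", ".join(OPTION_NAMES.get(o, f"type {o}") for o in opts)

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample: IPv4/UDP header, documentation addresses, checksum left 0."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
```

Calling `describe(build_header(bytes([148, 4, 0, 0])))` returns `options: Router Alert`; packets reported with any option are the ones to compare against the redirect policy's counters on releases prior to 4.32.1F.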

Fix

Related Identifiers

CVE-2024-6437

Affected Products

Arista EOS