The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2023-6068 has been fixed in the following releases: * MultiAccess FPGA 1.8.0 and later

In order to be vulnerable to CVE-2023-6068, the following condition must be met: MOS must be configured with MultiAccess FPGA software versions 1.7.1 or 1.6.x and can be determined by running the show version command and referring to the highlighted section as shown below. switch(config)#show version Device: Metamako MetaMux 48 with L-Series SKU: DCS-7130-48LB Serial number: M48LB-A3-27719-4 Software image version: 0.39.0alpha4 Internal build ID: master+9345 Applications: multiaccess-1.7.1

The workaround is to only apply one access-list to any particular port after the MultiAccess image is loaded into the FPGA. If a new access-list is to be applied to a port, the FPGA image should be reloaded after the access-list is applied. Run the following commands to reload the FPGA image, where the line in yellow represents new access control lists to be added: switch(config-app-multiaccess)#shut switch(config-app-multiaccess)#multiaccess-group 0 client 0 access-list new_acl_if_need switch(config-app-multiaccess)#no shut The previous applied access control lists will automatically apply after FPGA reload.

This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.