Lucene search

MitreCVE-2015-8236

HistoryNov 19, 2015 - 11:59 a.m.

CVE-2015-8236

2015-11-1911:59:03

CWE-264

mitre

web.nvd.nist.gov

arista

eos

remote code execution

vulnerability

cve-2015-8236

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.009

Percentile

83.3%

JSON

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

Affected configurations

Nvd

Node

aristaeosRange≤4.11.11

aristaeosMatch4.12.5.2

aristaeosMatch4.12.6.1

aristaeosMatch4.12.7.1

aristaeosMatch4.12.8

aristaeosMatch4.12.8.1

aristaeosMatch4.12.9

aristaeosMatch4.12.10

aristaeosMatch4.13.1.1f

aristaeosMatch4.13.2.1f

aristaeosMatch4.13.3.1f

aristaeosMatch4.13.4.1f

aristaeosMatch4.13.5

aristaeosMatch4.13.5.1f

aristaeosMatch4.13.6

aristaeosMatch4.13.7.2m

aristaeosMatch4.13.7.3m

aristaeosMatch4.13.7m

aristaeosMatch4.13.8m

aristaeosMatch4.13.9.1m

aristaeosMatch4.13.9m

aristaeosMatch4.13.10m

aristaeosMatch4.13.11m

aristaeosMatch4.13.12m

aristaeosMatch4.13.13m

aristaeosMatch4.14.0f

aristaeosMatch4.14.1f

aristaeosMatch4.14.2f

aristaeosMatch4.14.3.1f

aristaeosMatch4.14.3f

aristaeosMatch4.14.4.1f

aristaeosMatch4.14.4.2f

aristaeosMatch4.14.4f

aristaeosMatch4.14.5.1f-ssu

aristaeosMatch4.14.5f

aristaeosMatch4.14.5fx

aristaeosMatch4.14.5fx.1

aristaeosMatch4.14.5fx.2

aristaeosMatch4.14.5fx.3

aristaeosMatch4.14.5fx.4

aristaeosMatch4.14.6f

aristaeosMatch4.14.7.1f

aristaeosMatch4.14.7f

aristaeosMatch4.14.8.1f

aristaeosMatch4.14.8f

aristaeosMatch4.14.9

aristaeosMatch4.15.0f

aristaeosMatch4.15.0fx

aristaeosMatch4.15.0fx1

aristaeosMatch4.15.0fxa

aristaeosMatch4.15.1f

aristaeosMatch4.15.1fx-7060qx

aristaeosMatch4.15.1fx-7060x

aristaeosMatch4.15.1fxb

aristaeosMatch4.15.2f

VendorProductVersionCPE
aristaeos*cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
aristaeos4.12.5.2cpe:2.3:o:arista:eos:4.12.5.2:*:*:*:*:*:*:*
aristaeos4.12.6.1cpe:2.3:o:arista:eos:4.12.6.1:*:*:*:*:*:*:*
aristaeos4.12.7.1cpe:2.3:o:arista:eos:4.12.7.1:*:*:*:*:*:*:*
aristaeos4.12.8cpe:2.3:o:arista:eos:4.12.8:*:*:*:*:*:*:*
aristaeos4.12.8.1cpe:2.3:o:arista:eos:4.12.8.1:*:*:*:*:*:*:*
aristaeos4.12.9cpe:2.3:o:arista:eos:4.12.9:*:*:*:*:*:*:*
aristaeos4.12.10cpe:2.3:o:arista:eos:4.12.10:*:*:*:*:*:*:*
aristaeos4.13.1.1fcpe:2.3:o:arista:eos:4.13.1.1f:*:*:*:*:*:*:*
aristaeos4.13.2.1fcpe:2.3:o:arista:eos:4.13.2.1f:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arista	eos	*	cpe:2.3:o:arista:eos::::::::
arista	eos	4.12.5.2	cpe:2.3:o:arista:eos:4.12.5.2:::::::*
arista	eos	4.12.6.1	cpe:2.3:o:arista:eos:4.12.6.1:::::::*
arista	eos	4.12.7.1	cpe:2.3:o:arista:eos:4.12.7.1:::::::*
arista	eos	4.12.8	cpe:2.3:o:arista:eos:4.12.8:::::::*
arista	eos	4.12.8.1	cpe:2.3:o:arista:eos:4.12.8.1:::::::*
arista	eos	4.12.9	cpe:2.3:o:arista:eos:4.12.9:::::::*
arista	eos	4.12.10	cpe:2.3:o:arista:eos:4.12.10:::::::*
arista	eos	4.13.1.1f	cpe:2.3:o:arista:eos:4.13.1.1f:::::::*
arista	eos	4.13.2.1f	cpe:2.3:o:arista:eos:4.13.2.1f:::::::*

Rows per page:

1-10 of 551

References

www.arista.com/support/advisories-notices/security-advisories/1221-security-advisory-15

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.009

Percentile

83.3%

JSON

Related for CVE-2015-8236