CVE-2024-27892 On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).

🗓️ 04 Jun 2026 22:33:15Reported by AristaType

Arista EOS with OpenConfig allows a gNMI Set when it should be rejected under SSL Profiles, risking unintended config.

Reporter	Title	Published	Views	Family All 7
Arista	Security Advisory 0099	2 Jul 202400:00	–	arista
Circl	CVE-2024-27892	4 Jun 202623:47	–	circl
CVE	CVE-2024-27892	4 Jun 202622:33	–	cve
EUVD	EUVD-2024-55613	5 Jun 202600:31	–	euvd
NVD	CVE-2024-27892	4 Jun 202623:16	–	nvd
Positive Technologies	PT-2026-46397	4 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2024-27892 On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).	4 Jun 202622:33	–	vulnrichment

[
  {
    "vendor": "Arista Networks",
    "product": "EOS",
    "platforms": [
      "710 Series",
      "720D Series",
      "720XP/722XPM Series",
      "750X Series",
      "7010 Series",
      "7010X Series",
      "7020R Series",
      "7130 Series running EOS",
      "7150 Series",
      "7160 Series",
      "7170 Series",
      "7050X/X2/X3/X4 Series",
      "7060X/X2/X4/X5/X6 Series",
      "7250X Series",
      "7260X/X3 Series",
      "7280E/R/R2/R3 Series",
      "7300X/X3 Series",
      "7320X Series",
      "7358X4 Series",
      "7368X4 Series",
      "7388X5 Series",
      "7500E/R/R2/R3 Series",
      "7800R3 Series",
      "CloudEOS",
      "cEOS-lab",
      "vEOS-lab",
      "AWE 5000 Series"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "4.31.0",
        "lessThanOrEqual": "4.31.2F",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.30.0",
        "lessThanOrEqual": "4.30.5M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.29.0",
        "lessThanOrEqual": "4.29.7M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.28.0",
        "lessThanOrEqual": "4.28.10M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.27.0",
        "lessThanOrEqual": "4.27.8M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.26.0",
        "lessThanOrEqual": "4.26.9M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.25.0",
        "lessThanOrEqual": "4.25.10M",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.24.0",
        "lessThanOrEqual": "4.24.11M",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
arista	www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099

04 Jun 2026 22:33Current

CVSS 47.2

CVSS 3.19.6

EPSS0.0012

CWE-306