CVE-2024-8000 On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar

🗓️ 04 Mar 2025 20:20:53Reported by AristaType

CVE-2024-8000 impacts Arista EOS with 802.1X, causing ACL issues after Accelerated Software Upgrade.

Reporter	Title	Published	Views	Family All 8
Arista	Security Advisory 0109	14 Jan 202500:00	–	arista
Circl	CVE-2024-8000	4 Mar 202520:31	–	circl
CNNVD	Arista EOS 安全漏洞	4 Mar 202500:00	–	cnnvd
CVE	CVE-2024-8000	4 Mar 202520:20	–	cve
EUVD	EUVD-2024-54121	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8000	4 Mar 202521:15	–	nvd
RedhatCVE	CVE-2024-8000	6 Mar 202520:51	–	redhatcve
Vulnrichment	CVE-2024-8000 On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar	4 Mar 202520:20	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "EOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "4.32.4M",
        "status": "affected",
        "version": "4.32.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.31.5M",
        "status": "affected",
        "version": "4.31.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.30.8M",
        "status": "affected",
        "version": "4.30.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
arista	www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109

04 Mar 2025 20:20Current

CVSS 3.15.3

EPSS0.0024

CWE-1284

cve-2024-8000 arista eos dynamic acl 802.1x accelerated software upgrade