7 matches found
Arista Networks EOS Security Update (SA0140)
The version of Arista Networks EOS running on the remote device is affected by a vulnerability as referenced in security advisory SA0140. - A user with local eos-admin privileges on affected Arista EOS Extensible Operating System platforms where secure boot is enabled can bypass Secure Boot...
Arista Networks EOS Improper Privilege Management (SA0082)
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentia...
Arista Networks EOS Multiple Vulnerabilities (SA0043)
The version of Arista Networks EOS running on the remote device is affected by the following vulnerabilities: - HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service DoS. An unauthenticated, remote attacker can exploit this, by sending continual pings to...
Arista Networks EOS DoS (SA0039)
The version of Arista Networks EOS running on the remote device is affected by a denial of service DoS vulnerability in the client certificate authentication process, due to the crypto/x509 package in Go not limiting the amount of work performed for each chain verification. A remote,...
Arista Networks EOS DNS 2 byte heap based overflow RCE (SA0030)
The version of Arista Networks EOS running on the remote device is affected by a heap-based buffer overflow in dnsmasq. This vulnerability allows a remote, unauthenticated attacker to run arbitrary code, create a denial of service DoS or an out of memory situation. Note that Nessus has not tested...
Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)
The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - An information disclosure vulnerability exists in the dsasignsetup function in dsaossl.c due to a failure to properly ensure the use of constant-time...
GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability
Description GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98...