19 matches found
CVE-2025-7048
On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic...
CVE-2025-7048
CVE-2025-7048 affects Arista EOS with MACsec enabled. The issue, described as a buffer overflow in the MACsec component, can cause the MACsec process to terminate and, with continued malformed packets, may disrupt dataplane traffic. Affected EOS versions include releases up to 4.34.x/4.33.x/4.32....
CVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered...
CVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered...
CVE-2025-8870
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153...
PT-2025-46974
Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description Certain serial console input on affected platforms running Arista EOS may cause an unexpected reload of the device. Recommendations At the moment, there is no information about a newer...
Security Advisory 0125
Security Advisory 0125 . CSAF PDF Date: November 11, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 11, 2025 | Initial release The CVE-ID tracking this issue: CVE-2025-8870 CVSS:3.1 Base Score 4.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS:4.0 Base Score 5.6...
EUVD-2025-25755
Malicious code in bioql PyPI...
CVE-2025-6188 On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication...
CVE-2025-3456 On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protoc...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista USA. A security vulnerability exists in Arista EOS that stems from the fact that restarting the Tunnelsec agent may cause packets to be sent in plaintext through a secure Vxlan tunnel...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from a malformed or truncated packet received through a VXLAN tunnel and forwarded in hardware may cause the egress port to fa...
PT-2023-19655 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
CVE-2021-28505
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol...
CVE-2021-28506
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device...
CVE-2020-15897
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router...
Arista EOS Denial of Service Vulnerability
Arista EOS is a modular operating system from Arista Networks, Inc. that provides the foundation platform for next-generation data center and cloud networking business requirements. A security vulnerability exists in Arista EOS versions 4.15 prior to 4.15.8M, 4.16 prior to 4.16.7M and 4.17 prior ...
Arista EOS Remote Arbitrary Code Execution Vulnerability
EOS is Arista's network operating system, a standalone image that runs on all Arista devices and virtual machines. An elevation of privilege vulnerability exists in Arista EOS. By accessing the admin panel, a remote attacker can execute arbitrary code with root privileges...