32 matches found
CVE-2025-5089 Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...
EUVD-2024-55613
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
Security Advisory 0140
Security Advisory 0140 PDF
Date: June 3, 2026

Revision | Date | Changes
---|---|---
1.0 | June 3, 2026 | Initial release

The CVE-ID tracking this issue: CVE-2026-10040
CVSSv3.1 Base Score: 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSSv4.0 Base Score: 6.8...
EUVD-2015-6310
Malware in sbrugna...
CVE-2025-6188
CVE-2025-6188 affects Arista EOS: specially crafted UDP packets with source port 3503 may be accepted, potentially causing unexpected behavior in UDP services without authentication. Affected EOS releases include 4.30.x, 4.31.x, 4.32.x, 4.33.x, and 4.34.x train lines (exact sub-releases listed in...
The vulnerability of the Cisco Fabric Services component for NX-OS and Cisco FXOS operating systems in Cisco devices allows an attacker to trigger a service failure.
The vulnerability of the Cisco Fabric Services component for NX-OS and Cisco FXOS operating systems in Cisco devices is related to operations that occur outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Vulnerability fixed in Arista switches
Arista has fixed a vulnerability in the firmware of several Series 7000 switches. Switches that are redundantly configured and equipped with the redundant supervisor module allow an unauthenticated malicious person to log in as root to the standby supervisor. However, the malicious party mus...
Vulnerability fixed in Arista EOS switches
Arista has fixed a vulnerability in switches running on the EOS platform. The vulnerability is in the way VXLAN access rules are processed on the IPv4 stack. Because this is not done correctly, the access rule can be dropped in certain circumstances, allowing unauthorized network traffic to pass. Not all switch...
CVE-2021-28503
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate-based authentication is used, which allows remote attackers to access the device via eAPI...
Cisco FXOS Software Firepower Chassis Manager XSRF (cisco-sa-fxosfcm-csrf-uhO4e5BZ)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a cross-site request forgery vulnerability. The vulnerability is due to insufficient CSRF protections for the FCM interface. An unauthenticated, remote attacker can exploit this vulnerability b...
Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass (cisco-sa-fxos-sbbp-XTuPkYTn)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a secure boot bypass vulnerability. The vulnerability is due to insufficient protections of the secure boot process. A local attacker can exploit this vulnerability by injecting code into a...
Cisco FXOS Software Buffer Overflow (cisco-sa-fxos-buffer-cSdmfWUt)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a software buffer overflow vulnerability due to incorrect bounds checking of values that are parsed from a specific file. An authenticated, local attacker with valid administrative credentials can...
Arista Networks Extensible Operating System Input Validation Error Vulnerability
Arista Networks Extensible Operating System (EOS) is a suite of scalable operating systems for next-generation data center and cloud solutions from Arista Networks, Inc. in the United States. A security vulnerability exists in VxLAN in Arista Networks EOS. An attacker could exploit this vulnerabili...
CVE-2017-3883
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...
CVE-2017-3883
CVE-2017-3883 affects Cisco FXOS and NX-OS System Software with AAA enabled. An unauthenticated remote attacker can brute-force login attempts, causing AAA processes to block keepalive messages; memory pressure can trigger AAA restart or device reload, leading to a denial of service. Affected pro...
The vulnerability of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system allows an intruder to inject arbitrary commands.
The vulnerability of the CLI component of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary...
The vulnerability of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system allows a perpetrator to execute arbitrary commands.
The vulnerability of the debugging functionality of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating locally,...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary operating system commands.
The vulnerability in an unspecified script of the Cisco Firepower Extensible Operating System exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating syste...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to circumvent existing access restrictions and obtain protected information.
The vulnerability of the Cisco Firepower Extensible Operating System is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and obtain protected information...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to the authentication data of arbitrary users.
The vulnerability of the Cisco Firepower Extensible Operating System is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication credentials of arbitrary users...