157 matches found
Security Advisory 0143
Security Advisory 0143 PDF Date: June 23, 2026 Revision | Date | Changes ---|---|--- 1.0 | Jun 23, 2026 | Initial release Description All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent aka TerminAttr enabled. This issue...
CVE-2025-5088
CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...
CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...
CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...
CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...
CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...
CVE-2025-5090
CVE-2025-5090 affects Arista CloudVision Exchange (CVX) in Arista EOS-based deployments. The issue arises when CVX processes unexpected messages from a connected switch, leading to agent crashes on CVX and instability in the CVX cluster, enabling a DoS under high-privilege conditions on the conne...
CVE-2025-5089
CVE-2025-5089 describes a DoS condition in Arista EOS CVX deployments where malformed messages between a CVX server and connected EOS Switch can crash SysDB on EOS or destabilize the CVX cluster, requiring high-privilege access to send crafted TCP packets. Affected products are Arista EOS with Cl...
Arista EOS和Arista CloudVision eXchange 安全漏洞
Arista EOS and Arista CloudVision eXchange are both products of the American company Arista. Arista EOS is a fully programmable, highly modular Linux-based network operating system. Arista CloudVision eXchange is a control plane switching platform designed for data centers and enterprise networks...
Arista CloudVision eXchange 安全漏洞
Arista CloudVision eXchange is a control plane exchange platform developed by Arista Technologies in the United States, aimed at data centers and enterprise networks. There is a security vulnerability in Arista CloudVision eXchange. This vulnerability stems from EOS switches’ lack of flexibility...
Security Advisory 0139
Security Advisory 0139 PDF Date: May 19, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 19, 2026 | Initial release The CVE-ID tracking this issue: CVE-2025-49844 CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSSv4.0 Base Score: 9.4...
Security Advisory 0136
Security Advisory 0136 PDF Date: May 1, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 1, 2026 | Initial release 1.1 | May 7, 2026 | Additional required configuration for exploitation information added 1.2 | May 11, 2026 | Advisory updated with additional mitigations. The CVE-ID tracking th...
CVE-2018-12357
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...
CVE-2019-18615
In CloudVision Portal CVP for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which a...
Security Advisory 0126
Security Advisory 0126 . CSAF PDF Date: November 18, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 18, 2025 | Initial release The following issues were discovered during regular penetration testing of Arista’s EOS. Issues detailed cover CloudVision Exchange CVX based features includin...
EUVD-2016-9837
Malware in sbrugna...
EUVD-2018-4331
Malware in sbrugna...
EUVD-2019-7986
Malware in sbrugna...
EUVD-2020-5377
Malware in sbrugna...
EUVD-2020-17067
Malware in sbrugna...