23 matches found
CVE-2024-27890
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
CVE-2024-27892 On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
CVE-2024-27890
CVE-2024-27890 affects Arista EOS platforms with OpenConfig enabled; a gNMI Set request can be accepted when it should be rejected, causing unexpected configuration changes. Affected EOS versions include 4.29.x (≤4.29.7M), 4.28.x (≤4.28.10M), 4.27.x (≤4.27.8M), 4.26.x (≤4.26.9M), 4.25.x (≤4.25.10...
EUVD-2023-28530
Malicious code in bioql PyPI...
EUVD-2025-13950
Malicious code in bioql PyPI...
CVE-2025-52984
CVE-2025-52984 – Juniper Junos OS / Junos OS Evolved Root cause: a NULL pointer dereference in the routing protocol daemon (rpd) when a static route points to a reject next hop and a gNMI query is processed for that route, causing rpd to crash and restart and thus impacting device availability. A...
CVE-2025-0936
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936
CVE-2025-0936 affects Arista EOS with a gNMI transport enabled, where using the gNOI File TransferToRemote RPC with remote-credentials can cause those credentials to be logged on the local EOS device or on remote accounting servers (TACACS, RADIUS). The issue is triggered when the OpenConfig gNOI...
PT-2025-20313 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server...
CVE-2025-0110
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
CVE-2025-0110
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
Security Advisory 0099
Security Advisory 0099 PDF Date: July 25th, 2024 Revision | Date | Changes ---|---|--- 1.0 | July 2, 2024 | Initial release 1.1 | July 8, 2024 | Update to Required Configuration for Exploitation 1.2 | July 25, 2024 | Update the Hotfix applicable releases The CVE-ID tracking this issue:...
CVE-2023-24512
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
Design/Logic Flaw
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
CVE-2023-24512 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
CVE-2023-24512
The CVE-2023-24512 issue affects Arista EOS running with the Streaming Telemetry Agent (TerminAttr) enabled and gNMI access configured. An authorized attacker with gNMI permissions could craft a request to update arbitrary switch configurations, under conditions where TerminAttr is present and gR...
Security Advisory 0086
Security Advisory 0086 . CSAF PDF Date: April 25, 2023 Revision | Date | Changes ---|---|--- 1.0 | April 25, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-284 Improper...