23 matches found
CVE-2024-27890
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
CVE-2024-27892 On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...
CVE-2024-27890
CVE-2024-27890 affects Arista EOS platforms with OpenConfig enabled; a gNMI Set request can be accepted when it should be rejected, causing unexpected configuration changes. Affected EOS versions include 4.29.x (≤4.29.7M), 4.28.x (≤4.28.10M), 4.27.x (≤4.27.8M), 4.26.x (≤4.26.9M), 4.25.x (≤4.25.10...
EUVD-2023-28530
Malicious code in bioql PyPI...
EUVD-2025-13950
Malicious code in bioql PyPI...
CVE-2025-52984
CVE-2025-52984 – Juniper Junos OS / Junos OS Evolved Root cause: a NULL pointer dereference in the routing protocol daemon (rpd) when a static route points to a reject next hop and a gNMI query is processed for that route, causing rpd to crash and restart and thus impacting device availability. A...
CVE-2025-0936
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers i.e...
CVE-2025-0936
CVE-2025-0936 affects Arista EOS with a gNMI transport enabled, where using the gNOI File TransferToRemote RPC with remote-credentials can cause those credentials to be logged on the local EOS device or on remote accounting servers (TACACS, RADIUS). The issue is triggered when the OpenConfig gNOI...
PT-2025-20313 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server...
CVE-2025-0110
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
CVE-2025-0110
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
Security Advisory 0099
Security Advisory 0099 PDF Date: July 25th, 2024 Revision | Date | Changes ---|---|--- 1.0 | July 2, 2024 | Initial release 1.1 | July 8, 2024 | Update to Required Configuration for Exploitation 1.2 | July 25, 2024 | Update the Hotfix applicable releases The CVE-ID tracking this issue:...
CVE-2023-24512
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
Design/Logic Flaw
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
Security Advisory 0086
Security Advisory 0086 . CSAF PDF Date: April 25, 2023 Revision | Date | Changes ---|---|--- 1.0 | April 25, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-284 Improper...
CVE-2023-24512 On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
CVE-2023-24512
The CVE-2023-24512 issue affects Arista EOS running with the Streaming Telemetry Agent (TerminAttr) enabled and gNMI access configured. An authorized attacker with gNMI permissions could craft a request to update arbitrary switch configurations, under conditions where TerminAttr is present and gR...