23 matches found
EUVD-2021-15185
Malware in sbrugna...
EUVD-2021-15184
Malware in sbrugna...
Design/Logic Flaw
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent referred to as the TerminAttr agent is enabl...
Security Advisory 0086
Security Advisory 0086 . CSAF PDF Date: April 25, 2023 Revision | Date | Changes ---|---|--- 1.0 | April 25, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24512 CVSSv3.1 Base Score: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Common Weakness Enumeration: CWE-284 Improper...
CVE-2021-28509
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to...
Design/Logic Flaw
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to...
CVE-2021-28509 TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to...
CVE-2021-28509
CVE-2021-28509 : Arista EOS TerminAttr and OpenConfig transport can leak MACsec data in clear text to authorized users, enabling potential decryption/modification of MACsec traffic. Affected: EOS devices with Octa and TerminAttr enabled; specific affected versions include EOS 4.23.x–4.27.x trains...
CVE-2021-28508
CVE-2021-28508 affects Arista EOS with TerminAttr and OpenConfig transport enabled. Under certain conditions TerminAttr or Octa may leak IPsec data in clear text to CloudVision/gNMI authorized users, allowing potential decryption/modification of IPsec traffic. Affected EOS versions when Octa is i...
CVE-2021-28508 TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
Security Advisory 0077
Security Advisory 0077 . CSAF PDF Date: May 27th, 2022 Revision | Date | Changes ---|---|--- 1.1 | May 27th 2022 | Update the CVE impact of Octa 1.0 | May 25th 2022 | Initial release CVE-2021-28508 CVSSv3.1 Base Score: 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CWE: CWE-255 Credentials...
CVE-2021-28501
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
CVE-2021-28500
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
CVE-2021-28500
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
Design/Logic Flaw
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
Design/Logic Flaw
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration...
CVE-2021-28501
The CVE-2021-28501 issue in Arista EOS concerns the incorrect use of EOS AAA APIs by the OpenConfig and TerminAttr agents, which could allow unrestricted access for local users configured with nopassword. Connected advisories confirm this affects OpenConfig gNMI/gNOI and TerminAttr and provide co...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...