Eos@4.26.0 Security Vulnerabilities and Issues — Eos@4.26.0 CVE List

Lucene search

AristaEos4.26.0

9 matches found

CVE•added 2023/04/13 8:15 p.m.•326 views

CVE-2023-24509

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials...

9.3CVSS8.1AI score0.00054EPSS

CVE•added 2023/04/12 9:15 p.m.•246 views

CVE-2023-24511

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource e...

7.5CVSS6.2AI score0.00033EPSS

CVE•added 2023/06/05 10:15 p.m.•61 views

CVE-2023-24510

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

7.5CVSS7.5AI score0.00186EPSS

CVE•added 2022/08/05 5:15 p.m.•55 views

CVE-2021-28511

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an I...

6.5CVSS6.1AI score0.00232EPSS

CVE•added 2022/01/14 8:15 p.m.•48 views

CVE-2021-28500

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

9.1CVSS7.7AI score0.00312EPSS

CVE•added 2022/01/14 8:15 p.m.•47 views

CVE-2021-28506

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

9.4CVSS9.4AI score0.00279EPSS

CVE•added 2023/04/25 9:15 p.m.•43 views

CVE-2023-24512

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabl...

8.8CVSS6.8AI score0.00087EPSS

CVE•added 2023/01/26 9:15 p.m.•40 views

CVE-2021-28510

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.

7.5CVSS6.2AI score0.00224EPSS

CVE•added 2022/01/14 8:15 p.m.•34 views

CVE-2021-28507

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

7.1CVSS6.1AI score0.00141EPSS