Vulnerabilities in Arista Networks

80 results
CVE-2025-5090 | HIGH | Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages | EPSS 0.2%
CVE-2025-0936 | MEDIUM | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly | EPSS 0.2%
CVE-2026-2379 | HIGH | Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled | EPSS 0.2%
CVE-2026-25621 | HIGH | Arista Edge Threat Management NGFW Reports Application Insecure Input Validation | EPSS 0.2%
CVE-2025-54546 | HIGH | On affected platforms, restricted users could use SSH port forwarding to access host-internal services | EPSS 0.2%
CVE-2024-11185 | MEDIUM | On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries. | EPSS 0.2%
CVE-2025-54548 | MEDIUM | On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes) | EPSS 0.2%
CVE-2022-29071 | MEDIUM | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vu ... | EPSS 0.2%
CVE-2024-8000 | MEDIUM | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar | EPSS 0.2%
CVE-2025-7048 | MEDIUM | On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o | EPSS 0.2%
CVE-2024-9133 | MEDIUM | A user with administrator privileges is able to retrieve authentication tokens | EPSS 0.2%
CVE-2025-2796 | MEDIUM | On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal | EPSS 0.2%
CVE-2026-25624 | MEDIUM | Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting | EPSS 0.2%
CVE-2025-8870 | MEDIUM | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. | EPSS 0.1%
CVE-2024-6858 | MEDIUM | In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN. | EPSS 0.1%
CVE-2025-54545 | HIGH | On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges. | EPSS 0.1%
CVE-2025-54547 | MEDIUM | On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired | EPSS 0.1%
CVE-2025-3456 | LOW | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c | EPSS 0.1%
CVE-2024-7142 | MEDIUM | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | EPSS 0.1%
CVE-2025-54549 | MEDIUM | Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO | EPSS 0.1%