Vulnerabilities in Arista Networks
80 results

CVE-2025-6978 | HIGH | Diagnostics command injection vulnerability | EPSS 11.7%
CVE-2026-25622 | HIGH | Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection | EPSS 10.2%
CVE-2026-25620 | HIGH | Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection | EPSS 10.2%
CVE-2024-27889 | HIGH | Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). | EPSS 8.8%
CVE-2026-25623 | HIGH | Arista Edge Threat Management NGFW UI Arbitrary Command Execution | EPSS 6.2%
CVE-2024-27890 | HIGH | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled). | EPSS 4.4%
CVE-2021-28506 | CRITICAL | An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | EPSS 1.4%
CVE-2024-9131 | HIGH | A user with administrator privileges can perform command injection | EPSS 1.4%
CVE-2021-28510 | MEDIUM | For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. | EPSS 1.0%
CVE-2021-28500 | CRITICAL | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | EPSS 0.9%
CVE-2021-28505 | HIGH | On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | EPSS 0.8%
CVE-2021-28501 | CRITICAL | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | EPSS 0.8%
CVE-2023-24511 | MEDIUM | On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. | EPSS 0.8%
CVE-2026-7473 | MEDIUM | Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass | EPSS 0.8% | KEV
CVE-2023-24545 | HIGH | On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | EPSS 0.8%
CVE-2021-28503 | HIGH | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | EPSS 0.7%
CVE-2021-28504 | HIGH | On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules (rules declared after it in ACL) do not match on IP protocol fi ... | EPSS 0.7%
CVE-2023-24513 | MEDIUM | On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ... | EPSS 0.7%
CVE-2021-28507 | MEDIUM | An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | EPSS 0.7%
CVE-2024-9132 | HIGH | The administrator is able to configure an insecure captive portal script | EPSS 0.7%