Vulnerabilities in Arista Networks

80 results
CVE-2024-11186 (CRITICAL)
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem
EPSS 0.6%

CVE-2023-24510 (HIGH)
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
EPSS 0.6%

CVE-2023-24512 (HIGH)
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
EPSS 0.6%

CVE-2024-9134 (HIGH)
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
EPSS 0.6%

CVE-2025-0505 (CRITICAL)
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
EPSS 0.6%

CVE-2023-3646 (MEDIUM)
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
EPSS 0.6%

CVE-2024-8100 (HIGH)
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
EPSS 0.5%

CVE-2025-6979 (HIGH)
Captive Portal can allow authentication bypass
EPSS 0.5%

CVE-2021-28511 (MEDIUM)
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ...
EPSS 0.5%

CVE-2024-4578 (HIGH)
Privilege escalation in Arista Wireless Access Points
EPSS 0.5%

CVE-2024-6437 (MEDIUM)
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma
EPSS 0.5%

CVE-2024-9448 (HIGH)
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp
EPSS 0.5%

CVE-2021-28508 (MEDIUM)
TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP
EPSS 0.5%

CVE-2023-24548 (MEDIUM)
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets
EPSS 0.5%

CVE-2025-2826 (LOW)
On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.
EPSS 0.5%

CVE-2024-9188 (HIGH)
Specially constructed queries cause cross platform scripting leaking administrator tokens
EPSS 0.5%

CVE-2024-7095 (MEDIUM)
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term
EPSS 0.5%

CVE-2021-28509 (MEDIUM)
TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP
EPSS 0.4%

CVE-2024-12378 (CRITICAL)
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
EPSS 0.4%

CVE-2025-6980 (HIGH)
Captive Portal can expose sensitive information
EPSS 0.4%