Vulnerabilities in Arista Networks

80 results
CVE-2021-28496 | MEDIUM | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. | EPSS 0.4%
CVE-2024-47518 | MEDIUM | Specially constructed queries targeting ETM could discover active remote access sessions | EPSS 0.4%
CVE-2025-1260 | CRITICAL | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. | EPSS 0.4%
CVE-2024-47520 | HIGH | A user with advanced report application access rights can perform actions for which they are not authorized | EPSS 0.4%
CVE-2025-6188 | HIGH | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n | EPSS 0.4%
CVE-2024-47517 | MEDIUM | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access | EPSS 0.4%
CVE-2025-8873 | HIGH | Arista EOS Dataplane Denial of Service via Malformed IPsec Packet | EPSS 0.4%
CVE-2023-24547 | MEDIUM | On Arista MOS configuration of a BGP password will cause the password to be logged in clear text. | EPSS 0.3%
CVE-2023-6068 | LOW | On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACLs may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some | EPSS 0.3%
CVE-2024-5872 | MEDIUM | On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. | EPSS 0.3%
CVE-2024-9135 | MEDIUM | On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. | EPSS 0.3%
CVE-2024-47519 | HIGH | Backup uploads to ETM subject to man-in-the-middle interception | EPSS 0.3%
CVE-2025-1259 | HIGH | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. | EPSS 0.3%
CVE-2025-5088 | HIGH | Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session | EPSS 0.3%
CVE-2023-5502 | HIGH | On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication. | EPSS 0.3%
CVE-2024-27892 | HIGH | On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled). | EPSS 0.3%
CVE-2024-27891 | MEDIUM | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. | EPSS 0.3%
CVE-2025-8872 | HIGH | A specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted | EPSS 0.3%
CVE-2023-24509 | CRITICAL | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... | EPSS 0.2%
CVE-2025-5089 | HIGH | Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages | EPSS 0.2%