First published: Tue Apr 25 2023(Updated: )
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.26.0<4.26.10m | |
Arista EOS | >=4.27.0<4.27.9m | |
Arista EOS | >=4.28.0<4.28.6m | |
Arista EOS | >=4.29.0<4.29.2f | |
Arista 32qd | ||
Arista 48ehs | ||
Arista 48lbas | ||
Arista 48lbs | ||
Arista 48s6qd | ||
Arista 7010t-48 | ||
Arista 7020sr-24c2 | ||
Arista 7020sr-32c2 | ||
Arista 7020tr-48 | ||
Arista 7020tra-48 | ||
Arista 7050cx3-32s | ||
Arista 7050cx3m-32s | ||
Arista 7050qx-32s | ||
Arista 7050qx2-32s | ||
Arista 7050sx-128 | ||
Arista 7050sx-64 | ||
Arista 7050sx-72q | ||
Arista 7050sx2-128 | ||
Arista 7050sx2-72q | ||
Arista 7050sx3-48c8 | ||
Arista 7050sx3-48yc | ||
Arista 7050sx3-48yc12 | ||
Arista 7050sx3-48yc8 | ||
Arista 7050sx3-96yc8 | ||
Arista 7050tx-48 | ||
Arista 7050tx-64 | ||
Arista 7050tx-72q | ||
Arista 7050tx2-128 | ||
Arista 7050tx3-48c8 | ||
Arista 7060cx-32s | ||
Arista 7060cx2-32s | ||
Arista 7060dx4-32 | ||
Arista 7060px4-32 | ||
Arista 7060sx2-48yc6 | ||
Arista 7130-16g3s | ||
Arista 7130-48g3s | ||
Arista 7130-96s | ||
Arista 7150s-24 | ||
Arista 7150s-52 | ||
Arista 7150s-64 | ||
Arista 7150sc-24 | ||
Arista 7150sc-64 | ||
Arista 7160-32cq | ||
Arista 7160-48tc6 | ||
Arista 7160-48yc6 | ||
Arista 7170-32c | ||
Arista 7170-32cd | ||
Arista 7170-64c | ||
Arista 7170b-64c | ||
Arista 720df-48y | ||
Arista 720dp-24s | ||
Arista 720dp-48s | ||
Arista 720dt-24s | ||
Arista 720dt-48s | ||
Arista 720xp-24y6 | ||
Arista 720xp-24zy4 | ||
Arista 720xp-48y6 | ||
Arista 720xp-48zc2 | ||
Arista 720xp-96zc2 | ||
Arista 7250qx-64 | ||
Arista 7260cx | ||
Arista 7260cx3 | ||
Arista 7260qx | ||
Arista 7260sx2 | ||
Arista 7280cr2k-60 | ||
Arista 7280cr3-32d4 | ||
Arista 7280cr3-32p4 | ||
Arista 7280cr3-96 | ||
Arista 7280cr3k-32d4 | ||
Arista 7280cr3k-32p4 | ||
Arista 7280cr3k-96 | ||
Arista 7280dr3-24 | ||
Arista 7280dr3k-24 | ||
Arista 7280e | ||
Arista 7280pr3-24 | ||
Arista 7280pr3k-24 | ||
Arista 7280sr3-48yc8 | ||
Arista 7280sr3k-48yc8 | ||
Arista 7300x-32q | ||
Arista 7300x-64s | ||
Arista 7300x-64t | ||
Arista 7300x3-32c | ||
Arista 7300x3-48yc4 | ||
Arista 7320x-32c | ||
Arista 7358x4 | ||
Arista 7368x4 | ||
Arista 7388x5 | ||
Arista 7500r3-24d | ||
Arista 7500r3-24p | ||
Arista 7500r3-36cq | ||
Arista 7500r3k-36cq | ||
Arista 7804r3 | ||
Arista 7808r3 | ||
Arista 7812r3 | ||
Arista 7816r3 | ||
Arista 96lbs | ||
Arista Dcs-7010tx-48 | ||
Arista Dcs-7500-12cq-lc | ||
Arista Dcs-7500e-12cm-lc | ||
Arista Dcs-7500e-36q-lc | ||
Arista Dcs-7500e-48s-lc | ||
Arista Dcs-7500e-6c2-lc | ||
Arista Dcs-7500e-72s-lc | ||
Arista Dcs-7500r-36cq-lc | ||
Arista Dcs-7500r-36q-lc | ||
Arista Dcs-7500r-48s2cq-lc | ||
Arista Ceos-lab | ||
Arista CloudEOS | ||
Arista Veos-lab |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.