First published: Tue Mar 04 2025
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server, resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted by this bug.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading, see EOS User Manual: Upgrades and Downgrades (https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades).

CVE-2024-8000 has been fixed in the following releases:

* 4.33.0M and above
* 4.32.5M and above releases in the 4.32.x train
* 4.31.6M and above releases in the 4.31.x train
* 4.30.9M and above releases in the 4.30.x train
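As an added example (not Arista's code and not part of the original advisory), the Python below sorts an inventory of EOS version strings against the fixed releases listed above. The hostnames and inventory are constructed, and two things are assumptions: that version strings compare on numeric major.minor.patch plus a release-letter suffix, and that trains newer than 4.33 count as "above" 4.33.0M.

```python
import re

# First fixed patch per train, taken from the release list in the advisory text.
FIXED = {(4, 30): 9, (4, 31): 6, (4, 32): 5, (4, 33): 0}
NEWEST_LISTED = max(FIXED)

# Assumed version shape: major.minor.patch[.sub] followed by a release letter (F or M).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?([A-Za-z]*)")


def classify(version: str) -> str:
    """Return the status of one EOS version string for CVE-2024-8000."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    suffix = m.group(4).upper()
    train = (major, minor)
    if train > NEWEST_LISTED:
        return "remediated"            # assumption: later trains are "above" 4.33.0M
    if train not in FIXED:
        return "not-listed"            # the list above names no fix for this train
    if patch > FIXED[train]:
        return "remediated"
    if patch == FIXED[train]:
        # Same number but a different release letter than the listed "M": check by hand.
        return "remediated" if suffix == "M" else "verify"
    return "below-fixed-release"


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status so upgrade candidates are easy to list."""
    grouped: dict[str, list[str]] = {}
    for host, version in sorted(inventory.items()):
        grouped.setdefault(classify(version), []).append(host)
    return grouped


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample = {
        "leaf-01": "4.32.4M",
        "leaf-02": "4.32.5M",
        "leaf-03": "4.31.2F",
        "spine-01": "4.33.0F",
        "edge-01": "4.29.10M",
    }
    for status, hosts in audit(sample).items():
        print(f"{status}: {', '.join(hosts)}")
```

A switch reported as below-fixed-release is only exposed if it also runs 802.1X with dynamic ACLs and uses ASU, so pair the result with a configuration check.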
CVE-2024-8000 has a severity rating that indicates a medium-level impact on network security due to potential misconfiguration of ACLs.
To mitigate CVE-2024-8000, ensure proper configuration and management of ACLs after performing an Accelerated Software Upgrade on Arista EOS.
CVE-2024-8000 affects platforms running Arista EOS with 802.1X configured.
CVE-2024-8000 is triggered when a dynamic ACL is received from the AAA server during specific conditions after an ASU restart.
Yes, regularly verify ACL installation and apply configurations to ensure all lines of the dynamic ACL are properly installed.