Latest arista eos Vulnerabilities

CVE-2023-3646
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
Arista EOS>=4.28.2f<=4.28.5.1m
Arista EOS>=4.29.0<4.29.2f
Arista 7280cr3-32d4
Arista 7280cr3-32p4
Arista 7280cr3-36s
Arista 7280cr3-96
and 42 more
CVE-2023-24548
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward pac...
Arista EOS>=4.22.1f<=4.22.13m
Arista EOS>=4.23.0<=4.23.14m
Arista EOS>=4.24.0<=4.24.11m
Arista EOS=4.25.0f
Arista 7280cr3-32d4
Arista 7280cr3-32p4
and 41 more
CVE-2023-24510
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
Arista EOS<=4.25.10m
Arista EOS>=4.26.0<4.26.10m
Arista EOS>=4.27.0<4.27.10m
Arista EOS>=4.28.0<4.28.7m
Arista EOS>=4.29.0<4.29.2f
Arista Ceos
and 95 more
CVE-2023-24512
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situ...
Arista EOS>=4.26.0<4.26.10m
Arista EOS>=4.27.0<4.27.9m
Arista EOS>=4.28.0<4.28.6m
Arista EOS>=4.29.0<4.29.2f
Arista 32qd
Arista 48ehs
and 107 more
CVE-2023-24509
Arista EOS>=4.23<=4.23.13m
Arista EOS>=4.24.0<4.24.11m
Arista EOS>=4.25.0<4.25.10m
Arista EOS>=4.26.0<4.26.9m
Arista EOS>=4.27.0<4.27.7m
Arista EOS>=4.28.0<4.28.4m
and 20 more
CVE-2023-24511
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causin...
Arista EOS>=4.26.0<4.26.10m
Arista EOS>=4.27.0<4.27.9m
Arista EOS>=4.28.0<4.28.6m
Arista EOS>=4.29.0<4.29.2f
Arista Ceos-lab
Arista CloudEOS
and 108 more
CVE-2021-28510
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of ...
Arista EOS<4.23.10
Arista EOS>=4.24.0<4.24.8
Arista EOS>=4.25.0<4.25.6
Arista EOS>=4.26.0<4.26.4
Arista EOS>=4.27.0<4.27.1
Arista 7020r
and 75 more
CVE-2021-28511
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if ...
Arista EOS<=4.24.9
Arista EOS>=4.25.0<=4.25.8
Arista EOS>=4.26.0<=4.26.5
Arista EOS>=4.27.0<=4.27.3
Arista 7050cx3-32s
Arista 7050cx3m-32s
and 13 more
CVE-2021-28509
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is...
Arista Terminattr<1.10.11
Arista Terminattr>=1.11.0<1.16.8
Arista Terminattr>=1.17.0<1.19.2
Arista EOS>=4.23<=4.23.11
Arista EOS>=4.24<4.24.10
Arista EOS>=4.25<4.25.8
and 45 more
CVE-2021-28508
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is...
Arista Terminattr<1.10.11
Arista Terminattr>=1.11.0<1.16.8
Arista Terminattr>=1.17.0<1.19.0
Arista EOS>=4.23<=4.23.11
Arista EOS>=4.24<4.24.10
Arista EOS>=4.25<4.25.8
and 45 more
CVE-2021-28505
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access ...
Arista EOS>=4.26<4.26.4m
Arista EOS>=4.27<4.27.1f
Arista Ccs-710p-12
Arista Ccs-710p-16p
Arista Ccs-720xp-24y6
Arista Ccs-720xp-24zy4
and 13 more
CVE-2021-28504
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declar...
Arista EOS>=4.26<4.26.4m
Arista EOS>=4.27<4.27.1f
Arista Ccs-710p-12
Arista Ccs-710p-16p
Arista Ccs-720xp-24y6
Arista Ccs-720xp-24zy4
and 13 more
CVE-2021-28503
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via...
Arista EOS>=4.22<=4.22.9m
Arista EOS>=4.23<=4.23.9
Arista EOS>=4.24<=4.24.7
Arista EOS>=4.25<=4.25.5
Arista EOS>=4.26<=4.26.2
CVE-2021-28500
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users...
Arista EOS<4.20
Arista EOS>=4.21.0<=4.21.14m
Arista EOS>=4.22.0<=4.22.11m
Arista EOS>=4.23.0<=4.23.8m
Arista EOS>=4.24.6.0<=4.24.6m
Arista EOS>=4.25.0<=4.25.4m
and 1 more
CVE-2021-28506
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
Arista EOS>=4.24.0<=4.24.7m
Arista EOS>=4.25.0<=4.25.3
Arista EOS>=4.25.4<=4.25.4m
Arista EOS>=4.25.5<=4.25.5.1m
Arista EOS>=4.26.0<=4.26.2f
CVE-2021-28507
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the deni...
Arista EOS>=4.23.0<=4.23.9m
Arista EOS>=4.24.0<=4.24.7m
Arista EOS>=4.25.0<=4.25.3
Arista EOS>=4.25.4<=4.25.4m
Arista EOS>=4.25.5<=4.25.5.1m
Arista EOS>=4.26.0<=4.26.2f
and 5 more
CVE-2021-28496
Arista EOS>=4.22<=4.22.7m
Arista EOS>=4.23<4.23.10
Arista EOS>=4.24<4.24.8
Arista EOS>=4.25<4.25.5
Arista EOS>=4.26<4.26.2
CVE-2020-15898
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not...
Arista EOS>=4.21.0f<=4.21.4.1f
Arista 7170-32c
Arista 7170-32cd
Arista 7170-64c
Arista EOS>=4.21.0f<=4.21.11m
Arista EOS>=4.22.0f<=4.22.6m
and 47 more
CVE-2020-24360
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista E...
Arista EOS>=4.22.0f<=4.22.6m
Arista EOS>=4.23.0f<=4.23.4m
Arista EOS>=4.24.0f<=4.24.2.4f
Arista 7280cr2ak-30
Arista 7280cr2k-60
Arista 7280cr3-32d4
and 23 more
CVE-2020-26569
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in ...
Arista EOS>=4.21.0f<=4.21.12m
Arista EOS>=4.22.0f<=4.22.7m
Arista EOS>=4.23.0f<=4.23.5m
Arista EOS>=4.24.0f<=4.24.2f
Arista 7010t-48
Arista 7050cx3-32s
and 44 more
CVE-2020-15897
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed lin...
Arista EOS<4.21.12m
Arista EOS>=4.22<4.22.7m
Arista EOS>=4.23<4.23.5m
Arista EOS>=4.24<4.24.2f
CVE-2020-17355
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHC...
Arista EOS>=4.21.0<4.21.12m
Arista EOS>=4.22<4.22.7m
Arista EOS>=4.23<4.23.5m
Arista EOS>=4.24.0<4.24.2f
CVE-2020-25686
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 1...
debian/dnsmasq
redhat/dnsmasq<2.83
Thekelleys Dnsmasq<2.83
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Debian Debian Linux=10.0
and 5 more
CVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only us...
debian/dnsmasq
Thekelleys Dnsmasq<2.83
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Debian Debian Linux=10.0
Arista EOS>=4.21<4.21.14m
and 5 more
CVE-2020-25684
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending...
Thekelleys Dnsmasq<2.83
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Arista EOS>=4.21<4.21.14m
and 6 more
CVE-2019-18948
Arista EOS>=4.21.0<=4.21.8m
Arista EOS>=4.22.0<=4.22.3m
Arista EOS>=4.23.0<=4.23.1f
Arista EOS=4.15
Arista EOS=4.16
Arista EOS=4.17
and 3 more
CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem f...
Netkit Telnet Project Netkit Telnet<=0.17
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 355 more
CVE-2015-5745
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control m...
QEMU qemu<2.4.0
Fedoraproject Fedora=21
Fedoraproject Fedora=22
Fedoraproject Fedora=23
Arista EOS=4.12
Arista EOS=4.13
and 2 more
CVE-2015-5278
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors re...
QEMU qemu<2.4.0.1
Fedoraproject Fedora=21
Fedoraproject Fedora=22
Fedoraproject Fedora=23
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
and 5 more
CVE-2015-5239
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
QEMU qemu<2.1.0
Fedoraproject Fedora=21
Fedoraproject Fedora=22
Fedoraproject Fedora=23
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
and 16 more
CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client t...
Golang Go>=1.12<1.12.11
Golang Go>=1.13<1.13.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 15 more
CVE-2018-14008
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
Arista EOS<=4.21.0f

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203