Search criteria
80 vulnerabilities by Arista Networks
CVE-2026-25624 (GCVE-0-2026-25624)
Vulnerability from cvelistv5 – Published: 2026-06-05 19:34 – Updated: 2026-06-05 20:28
VLAI
Title
Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting
Summary
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Affected:
0 , ≤ 17.4.0
(custom)
|
Date Public
2026-02-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:27:35.700216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:28:03.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA successful attack requires administrative privileges to target UI entry forms and relies on session interaction parsing from a secondary administrator browser window.\u003c/p\u003e"
}
],
"value": "A successful attack requires administrative privileges to target UI entry forms and relies on session interaction parsing from a secondary administrator browser window."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.\u003c/p\u003e"
}
],
"value": "An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-Site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:34:37.618Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15492"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
}
],
"value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25624",
"datePublished": "2026-06-05T19:34:37.618Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:28:03.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25623 (GCVE-0-2026-25623)
Vulnerability from cvelistv5 – Published: 2026-06-05 19:31 – Updated: 2026-06-05 20:27
VLAI
Title
Arista Edge Threat Management NGFW UI Arbitrary Command Execution
Summary
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Affected:
0 , ≤ 17.4.0
(custom)
|
Date Public
2026-02-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:27:12.326159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:27:23.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA successful attack requires high-privileged authenticated management interface configuration access to the NGFW web platform.\u003c/p\u003e"
}
],
"value": "A successful attack requires high-privileged authenticated management interface configuration access to the NGFW web platform."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.\u003c/p\u003e"
}
],
"value": "An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:31:49.749Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15490"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW UI Arbitrary Command Execution",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
}
],
"value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25623",
"datePublished": "2026-06-05T19:31:49.749Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:27:23.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25622 (GCVE-0-2026-25622)
Vulnerability from cvelistv5 – Published: 2026-06-05 19:29 – Updated: 2026-06-05 20:26
VLAI
Title
Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection
Summary
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Affected:
0 , ≤ 17.4.0
(custom)
|
Date Public
2026-02-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:26:51.450858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:26:59.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA successful attack requires authenticated administrative interface access rights over the targeted NGFW UI deployment endpoint.\u003c/p\u003e"
}
],
"value": "A successful attack requires authenticated administrative interface access rights over the targeted NGFW UI deployment endpoint."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.\u003c/p\u003e"
}
],
"value": "A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:29:57.126Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15494"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
}
],
"value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25622",
"datePublished": "2026-06-05T19:29:57.126Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:26:59.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25621 (GCVE-0-2026-25621)
Vulnerability from cvelistv5 – Published: 2026-06-05 19:28 – Updated: 2026-06-05 20:26
VLAI
Title
Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
Summary
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Affected:
17.4.0
(custom)
|
Date Public
2026-02-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:26:29.068961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:26:36.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eSuccessful administrative interface access authentication privileges verified.\u003c/li\u003e\u003cli\u003eNavigation to the Reports application dashboard under the Data subsystem.\u003c/li\u003e\u003cli\u003eProcessing an upload interaction within the Import/Restore Data Backup Files field utilizing a specially crafted malicious input file.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "In order to be vulnerable, the following cumulative conditions must be satisfied:\n\n * An NGFW system running exactly version 17.4.0.\n * Successful administrative interface access authentication privileges verified.\n * Navigation to the Reports application dashboard under the Data subsystem.\n * Processing an upload interaction within the Import/Restore Data Backup Files field utilizing a specially crafted malicious input file."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e"
}
],
"value": "A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:28:13.886Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15491"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW Reports Application Insecure Input Validation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePer operational best practice security models, do not allow unauthorized administrative access to the administrative browser.\u003c/p\u003e"
}
],
"value": "Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25621",
"datePublished": "2026-06-05T19:28:13.886Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:26:36.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25620 (GCVE-0-2026-25620)
Vulnerability from cvelistv5 – Published: 2026-06-05 19:26 – Updated: 2026-06-05 20:23
VLAI
Title
Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection
Summary
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) |
Affected:
17.4.0
(custom)
|
Date Public
2026-02-03 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:23:23.730510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:23:31.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Arista Edge Threat Management - Arista Next Generation Firewall (Formerly Untangle)"
],
"product": "Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable, the following cumulative conditions must be satisfied:\u003c/p\u003e\u003col\u003e\u003cli\u003eAn NGFW system running exactly version 17.4.0.\u003c/li\u003e\u003cli\u003eThe system administrator must navigate to the Captive Portal application interface.\u003c/li\u003e\u003cli\u003eThe Captive Portal application must be actively installed and enabled.\u003c/li\u003e\u003cli\u003eCaptive Portal Basic Login validation control must be enabled.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "In order to be vulnerable, the following cumulative conditions must be satisfied:\n\n * An NGFW system running exactly version 17.4.0.\n * The system administrator must navigate to the Captive Portal application interface.\n * The Captive Portal application must be actively installed and enabled.\n * Captive Portal Basic Login validation control must be enabled."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jon Williams \u0026 Ronan Kervella from Bishop Fox"
}
],
"datePublic": "2026-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.\u003c/p\u003e"
}
],
"value": "An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T19:26:36.797Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22867-security-advisory-0133"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience."
}
],
"source": {
"advisory": "0133",
"defect": [
"NGFW-15493"
],
"discovery": "EXTERNAL"
},
"title": "Arista Edge Threat Management NGFW Captive Portal Encrypted Password Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter.\u003c/p\u003e"
}
],
"value": "If managing an active NGFW 17.4.0 deployment, disable the Captive Portal Basic Login configuration profile parameter."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-25620",
"datePublished": "2026-06-05T19:26:36.797Z",
"dateReserved": "2026-02-03T22:23:04.359Z",
"dateUpdated": "2026-06-05T20:23:31.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2379 (GCVE-0-2026-2379)
Vulnerability from cvelistv5 – Published: 2026-06-05 17:59 – Updated: 2026-06-05 17:59
VLAI
Title
Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled
Summary
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
Severity
CWE
- CWE-672 - Operation on a Resource after Expiration or Release
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.0 , ≤ 4.34.3M
(custom)
Affected: 4.33.0M , ≤ 4.33.5M (custom) Affected: 4.32.0M , ≤ 4.32.7M (custom) Affected: 4.31.0M , ≤ 4.31.9M (custom) Affected: 4.30.0F , < 4.31.0 (custom) Affected: 4.29.0F , < 4.30.0 (custom) Affected: 4.28.0F , < 4.29.0 (custom) Affected: 4.27.1F , < 4.28.0 (custom) |
Date Public
2026-02-17 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7280R3 Series with IPsec (DCS-7280SR3AK",
"DCS-7280SR3AM",
"DCS-7280CR3AK",
"DCS-7280CR3AM",
"DCS-7280CR3MK",
"DCS-7280DR3AK",
"DCS-7280DR3AM",
"DCS-7289R3AK-SC",
"DCS-7289R3AM-SC)",
"7800R3 Series with IPsec (7800R3A-36DM-LC",
"7800R3AK-36DM-LC",
"7800R3A-36PM-LC",
"7800R3AK-36PM-LC",
"7800R3A-36DM2-LC",
"7800R3AK-36DM2-LC)",
"AWE 7000 Series with IPsec (AWE-7250R-16S-F",
"AWE-7230R-4TX-4S-F",
"AWE-7220RP-5TH-2S-F)",
"AWE 5000 Series with IPsec (AWE-5510",
"AWE-5310)",
"CloudEOS VM"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.3M",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.5M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.9M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThan": "4.31.0",
"status": "affected",
"version": "4.30.0F",
"versionType": "custom"
},
{
"lessThan": "4.30.0",
"status": "affected",
"version": "4.29.0F",
"versionType": "custom"
},
{
"lessThan": "4.29.0",
"status": "affected",
"version": "4.28.0F",
"versionType": "custom"
},
{
"lessThan": "4.28.0",
"status": "affected",
"version": "4.27.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2026-2379, the IPsec\u0026nbsp;\u003cb\u003eanti-replay detection\u003c/b\u003e\u0026nbsp;feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\u003c/p\u003e\u003cp\u003eThe field \u201c\u003cb\u003eReplay window size\u003c/b\u003e\u201d in the output of the command \u201c\u003cb\u003eshow ip sec connection detail\u003c/b\u003e\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\u003c/p\u003e\u003cpre\u003eswitch#show ip sec connection detail\nTunnel0:\n\u0026nbsp;\u0026nbsp;Source address: 2.0.0.1, Destination address: 2.0.0.2\n\u0026nbsp;\u0026nbsp;State: established\n\u0026nbsp;\u0026nbsp;Uptime: 31 minutes, 49 seconds\n\u0026nbsp;\u0026nbsp;VRF: default\n\u0026nbsp;\u0026nbsp;Inbound SPI: 0xcc09b0d4:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Request ID: 312, Mode: tunnel, \u003cb\u003eReplay window size: 16384\u003c/b\u003e, Seq: 0x0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Errors:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime config:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft packet limit: 2101671584, Hard packet limit: 4000000000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft time limit: 2657 secs, Hard time limit: 3600 secs\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime current:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current bytes: 461294305\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current packets: 391481\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA add time: Mon Jul\u0026nbsp; 8 00:49:52 2024\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA last use time: Mon Jul\u0026nbsp; 8 01:21:34 2024\n\u0026nbsp;\u0026nbsp;Outbound SPI: 0xc7869a84:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Errors:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime config:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft packet limit: 2653085513, Hard packet limit: 4000000000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft time limit: 2565 secs, Hard time limit: 3600 secs\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime current:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current bytes: 1421924689\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current packets: 1207796\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA add time: Mon Jul\u0026nbsp; 8 00:49:52 2024\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA last use time: Mon Jul\u0026nbsp; 8 01:21:34 2024\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\u003c/p\u003e\u003cp\u003eIf anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:\u003c/p\u003e\u003cpre\u003eswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2026-2379, the IPsec\u00a0anti-replay detection\u00a0feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\n\n\n\nThe field \u201cReplay window size\u201d in the output of the command \u201cshow ip sec connection detail\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\n\n\n\nswitch#show ip sec connection detail\nTunnel0:\n\u00a0\u00a0Source address: 2.0.0.1, Destination address: 2.0.0.2\n\u00a0\u00a0State: established\n\u00a0\u00a0Uptime: 31 minutes, 49 seconds\n\u00a0\u00a0VRF: default\n\u00a0\u00a0Inbound SPI: 0xcc09b0d4:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2101671584, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2657 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 461294305\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 391481\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\u00a0\u00a0Outbound SPI: 0xc7869a84:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2653085513, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2565 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 1421924689\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 1207796\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\n\n\u00a0\n\n\n\nIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\n\n\n\nIf anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:\n\n\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection"
}
],
"datePublic": "2026-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.\u003c/p\u003e"
}
],
"value": "On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication."
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session Tokens"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672: Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T17:59:40.999Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2026-2379 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.35.0F and later releases in the 4.35.x train\u003c/li\u003e\u003cli\u003e4.34.4M and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.6M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.10M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\n\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\n\nCVE-2026-2379 has been fixed in the following releases:\n\n * 4.35.0F and later releases in the 4.35.x train\n * 4.34.4M and later releases in the 4.34.x train\n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "0134",
"defect": [
"BUG 1188976"
],
"discovery": "INTERNAL"
},
"title": "Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e"
}
],
"value": "There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-2379",
"datePublished": "2026-06-05T17:59:40.999Z",
"dateReserved": "2026-02-11T21:25:16.721Z",
"dateUpdated": "2026-06-05T17:59:40.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7473 (GCVE-0-2026-7473)
Vulnerability from cvelistv5 – Published: 2026-06-05 16:22 – Updated: 2026-06-05 16:22
VLAI
Title
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
Summary
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.
This issue has been reported as being exploited in the wild.
Severity
5.8 (Medium)
CWE
- CWE-1023 - Incomplete Comparison with Missing Factors
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.36.0
(custom)
Affected: 4.35.0 , ≤ 4.35 (custom) Affected: 4.34.0 , ≤ 4.34 (custom) Affected: 4.33.0 , ≤ 4.33 (custom) Affected: 4.32.0 , ≤ 4.32 (custom) Affected: 4.31.0 , ≤ 4.31 (custom) Affected: * , ≤ 4.30 (custom) |
Date Public
2026-05-05 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"7020R Series",
"7280R/R2 Series",
"7500R/R2 Series",
"7280R3 Series (Limited exposure: IP-in-IPv6 and GUEv6)",
"7500R3 Series (Limited exposure: IP-in-IPv6 and GUEv6)",
"7800R3 Series (Limited exposure: IP-in-IPv6 and GUEv6)"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.36.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.35",
"status": "affected",
"version": "4.35.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.34",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2026-7473, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe device must be configured as a tunnel endpoint with a decapsulation IP \u2014 for example, as a VXLAN VTEP, a GRE tunnel endpoint, or with an ip decap-group.\u003c/p\u003e\u003cp\u003eA device configured to decapsulate one tunnel type will also incorrectly accept and decapsulate other tunnel protocols destined to the same IP address, even if those protocols were not explicitly configured. The following table summarizes which additional tunnel types a device will decapsulate based on its configured decapsulation type (note that some cases require extra protocol specific configurations for traffic to be decapsulated). Note that in all cases the inner header could be IPv4 or IPv6.\u003c/p\u003e\u003cdiv\u003e\u003cb\u003eNote on Platforms:\u003c/b\u003e\u003c/div\u003e\u003cul\u003e\u003cli\u003eAll scenarios below apply to 7020R Series, 7280R/R2 Series, and 7500R/R2 Series.\u003c/li\u003e\u003cli\u003eOnly the IP-in-IPv6 and GUE IPV6 Decap Group scenarios apply to 7280R3 Series, 7500R3 Series, and 7800R3 Series.\u003c/li\u003e\u003c/ul\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003cth\u003eConfigured decapsulation tunnel type\u003c/th\u003e\u003cth\u003eUnexpected decapsulation of tunnel type traffic to configured decap IP\u003c/th\u003e\u003cth\u003eAdditional configurations required for exploitation\u003c/th\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003eVXLAN IPv4 Tunnel Interface\u003c/td\u003e\u003ctd\u003eGRE, IPoIP\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNVGRE\u003c/td\u003e\u003ctd\u003eTNI in NVGRE packet must match a VXLAN VNI configured on switch\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"3\"\u003eGRE IPv4 Tunnel Interface\u003c/td\u003e\u003ctd\u003eVXLAN\u003c/td\u003e\u003ctd\u003eVXLAN Tunnel Interface (VTI) and VNI mapping must be configured\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGeneric UDP Encapsulation (GUE)\u003c/td\u003e\u003ctd\u003eGUE Decap Group and relevant UDP destination port to payload mapping must be configured. Both source and destination IP must match GRE tunnel configuration.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIPoIP\u003c/td\u003e\u003ctd\u003eBoth source and destination IP must match GRE tunnel configuration.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"4\"\u003eGRE IPv4 Decap Group\u003c/td\u003e\u003ctd\u003eIPoIP\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVXLAN\u003c/td\u003e\u003ctd\u003eVXLAN Tunnel Interface (VTI) and VNI mapping must be configured\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGUE\u003c/td\u003e\u003ctd\u003eGUE Decap Group and relevant UDP destination port to payload mapping must be configured.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNVGRE\u003c/td\u003e\u003ctd\u003eVXLAN Tunnel Interface (VTI) must be configured. TNI in NVGRE packet must match a VXLAN VNI configured on switch.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGUE IPv4 Decap Group\u003c/td\u003e\u003ctd\u003eGRE, IPoIP\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"4\"\u003eIP-in-IPv4 Decap Group\u003c/td\u003e\u003ctd\u003eGRE\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNVGRE\u003c/td\u003e\u003ctd\u003eVXLAN Tunnel Interface (VTI) must be configured. TNI in NVGRE packet must match a VNI configured on switch.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVXLAN\u003c/td\u003e\u003ctd\u003eVXLAN Tunnel Interface (VTI) and VNI mapping must be configured\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGUE\u003c/td\u003e\u003ctd\u003eGUE Decap Group and relevant UDP destination port to payload mapping must be configured.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd rowspan=\"2\"\u003eIP-in-IPv6 Decap Group\u003c/td\u003e\u003ctd\u003eGREv6\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGUEv6\u003c/td\u003e\u003ctd\u003eGUE Decap Group and relevant UDP destination port to payload mapping must be configured.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eGUE IPv6 Decap Group\u003c/td\u003e\u003ctd\u003eIP-in-IPv6, GREv6\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "In order to be vulnerable to CVE-2026-7473, the following condition must be met:\n\n\n\nThe device must be configured as a tunnel endpoint with a decapsulation IP \u2014 for example, as a VXLAN VTEP, a GRE tunnel endpoint, or with an ip decap-group.\n\n\n\nA device configured to decapsulate one tunnel type will also incorrectly accept and decapsulate other tunnel protocols destined to the same IP address, even if those protocols were not explicitly configured. The following table summarizes which additional tunnel types a device will decapsulate based on its configured decapsulation type (note that some cases require extra protocol specific configurations for traffic to be decapsulated). Note that in all cases the inner header could be IPv4 or IPv6.\n\nNote on Platforms:\n\n * All scenarios below apply to 7020R Series, 7280R/R2 Series, and 7500R/R2 Series.\n * Only the IP-in-IPv6 and GUE IPV6 Decap Group scenarios apply to 7280R3 Series, 7500R3 Series, and 7800R3 Series.\n\n\nConfigured decapsulation tunnel typeUnexpected decapsulation of tunnel type traffic to configured decap IPAdditional configurations required for exploitationVXLAN IPv4 Tunnel InterfaceGRE, IPoIPNoneNVGRETNI in NVGRE packet must match a VXLAN VNI configured on switchGRE IPv4 Tunnel InterfaceVXLANVXLAN Tunnel Interface (VTI) and VNI mapping must be configuredGeneric UDP Encapsulation (GUE)GUE Decap Group and relevant UDP destination port to payload mapping must be configured. Both source and destination IP must match GRE tunnel configuration.IPoIPBoth source and destination IP must match GRE tunnel configuration.GRE IPv4 Decap GroupIPoIPNoneVXLANVXLAN Tunnel Interface (VTI) and VNI mapping must be configuredGUEGUE Decap Group and relevant UDP destination port to payload mapping must be configured.NVGREVXLAN Tunnel Interface (VTI) must be configured. TNI in NVGRE packet must match a VXLAN VNI configured on switch.GUE IPv4 Decap GroupGRE, IPoIPNoneIP-in-IPv4 Decap GroupGRENoneNVGREVXLAN Tunnel Interface (VTI) must be configured. TNI in NVGRE packet must match a VNI configured on switch.VXLANVXLAN Tunnel Interface (VTI) and VNI mapping must be configuredGUEGUE Decap Group and relevant UDP destination port to payload mapping must be configured.IP-in-IPv6 Decap GroupGREv6NoneGUEv6GUE Decap Group and relevant UDP destination port to payload mapping must be configured.GUE IPv6 Decap GroupIP-in-IPv6, GREv6None"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo check if the device is acting as a VXLAN VTEP:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show interfaces vxlan 1\n\u0026nbsp;Vxlan1 is up, line protocol is up (connected)\n\u0026nbsp;\u0026nbsp;\u0026nbsp;Source interface is Loopback1 and is active with 10.0.0.1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;Listening on UDP port 4789\n\u0026nbsp;\u0026nbsp;\u0026nbsp;...\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the output contains \u201c\u003cb\u003eSource interface is \u0026lt;interface\u0026gt; and is active with \u0026lt;IP\u0026gt;\u003c/b\u003e\u201d, the device is acting as a VXLAN VTEP with \u0026lt;IP\u0026gt; as the tunnel termination address, and is potentially impacted.\u003c/p\u003e\u003cp\u003eTo check if a GRE tunnel interface is configured:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show interfaces Tunnel0\n\u0026nbsp;Tunnel0 is up, line protocol is up\n\u0026nbsp;\u0026nbsp;\u0026nbsp;Hardware is Tunnel\n\u0026nbsp;\u0026nbsp;\u0026nbsp;Tunnel source 1.1.1.1, destination 1.1.1.2\n\u0026nbsp;\u0026nbsp;\u0026nbsp;Tunnel protocol/transport GRE/IP\n\u0026nbsp;\u0026nbsp;\u0026nbsp;...\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf the tunnel interface is up with a source and destination, the device is a GRE tunnel endpoint and is potentially impacted.\u003c/p\u003e\u003cp\u003eTo check if decap-groups are configured:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ip decap-group\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf none of the above outputs show the presence of any tunnel endpoint configurations, the device does not perform tunnel decapsulation and is not exposed to this issue.\u003c/p\u003e"
}
],
"value": "To check if the device is acting as a VXLAN VTEP:\n\n\n\nswitch\u003eshow interfaces vxlan 1\n\u00a0Vxlan1 is up, line protocol is up (connected)\n\u00a0\u00a0\u00a0Source interface is Loopback1 and is active with 10.0.0.1\n\u00a0\u00a0\u00a0Listening on UDP port 4789\n\u00a0\u00a0\u00a0...\n\n\n\u00a0\n\n\n\nIf the output contains \u201cSource interface is \u003cinterface\u003e and is active with \u003cIP\u003e\u201d, the device is acting as a VXLAN VTEP with \u003cIP\u003e as the tunnel termination address, and is potentially impacted.\n\n\n\nTo check if a GRE tunnel interface is configured:\n\n\n\nswitch\u003eshow interfaces Tunnel0\n\u00a0Tunnel0 is up, line protocol is up\n\u00a0\u00a0\u00a0Hardware is Tunnel\n\u00a0\u00a0\u00a0Tunnel source 1.1.1.1, destination 1.1.1.2\n\u00a0\u00a0\u00a0Tunnel protocol/transport GRE/IP\n\u00a0\u00a0\u00a0...\n\n\n\u00a0\n\n\n\nIf the tunnel interface is up with a source and destination, the device is a GRE tunnel endpoint and is potentially impacted.\n\n\n\nTo check if decap-groups are configured:\n\n\n\nswitch\u003eshow ip decap-group\n\n\n\u00a0\n\n\n\nIf none of the above outputs show the presence of any tunnel endpoint configurations, the device does not perform tunnel decapsulation and is not exposed to this issue."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Scott Christiansen, Lukas Peitz, Rich Compton, and Jonathan Davis at Comcast"
}
],
"datePublic": "2026-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS where a tunnel decapsulation configuration\u2014such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface\u2014is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.\u003c/p\u003e\u003cp\u003eThis issue has been reported as being exploited in the wild.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS where a tunnel decapsulation configuration\u2014such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface\u2014is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.\n\n\n\nThis issue has been reported as being exploited in the wild."
}
],
"impacts": [
{
"capecId": "CAPEC-272",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-272 Protocol Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1023",
"description": "CWE-1023: Incomplete Comparison with Missing Factors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T16:22:47.989Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNo software upgrade path is planned to address this issue due to the risk of breaking existing configuration on deployments. The recommended resolution of this issue is to follow the appropriate mitigation instructions detailed in the workaround block.\u003c/p\u003e"
}
],
"value": "No software upgrade path is planned to address this issue due to the risk of breaking existing configuration on deployments. The recommended resolution of this issue is to follow the appropriate mitigation instructions detailed in the workaround block."
}
],
"source": {
"advisory": "0137",
"defect": [
"BUG1086442",
"BUG1519884"
],
"discovery": "EXTERNAL"
},
"title": "Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are two broad approaches to mitigate this issue - (1) applying ACLs on upstream devices or (2) applying ACLs on the devices where the unexpected decapsulation is happening. In both cases, the idea is to either selectively allow only legitimate tunnel traffic or to selectively block malicious tunnel traffic. For example, if a network is configured to forward VXLAN traffic, but GRE traffic is being unexpectedly forwarded, then ACLs can be used to either selectively allow just VXLAN traffic or selectively block GRE traffic. More details about using the ACL feature can be found in the\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-acls-and-route-maps#xx1150869\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eArista User Manual\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eA note of caution, the following ACL-based mitigation recommendations assume that the tunnel IP is dedicated solely to receiving the configured tunnel protocol traffic. When adapting these rules for your environment, it is important to explicitly permit any additional protocol traffic\u2014such as BGP or SSH\u2014if that IP serves multiple functions. To maintain connectivity, ensure these permit statements are sequenced before any deny statements directed at the decapsulation IP.\u003c/p\u003e\u003cp\u003eThe following configurations align with the recommendations outlined in the\u0026nbsp;\u003ca href=\"https://arista.my.site.com/AristaCommunity/s/article/arista-eos-hardening-guide#Comm_Kna_ka0Uw00000097VJIAY_71\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eArista EOS Hardening Guide\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "There are two broad approaches to mitigate this issue - (1) applying ACLs on upstream devices or (2) applying ACLs on the devices where the unexpected decapsulation is happening. In both cases, the idea is to either selectively allow only legitimate tunnel traffic or to selectively block malicious tunnel traffic. For example, if a network is configured to forward VXLAN traffic, but GRE traffic is being unexpectedly forwarded, then ACLs can be used to either selectively allow just VXLAN traffic or selectively block GRE traffic. More details about using the ACL feature can be found in the\u00a0 Arista User Manual https://www.arista.com/en/um-eos/eos-acls-and-route-maps#xx1150869 .\n\n\n\nA note of caution, the following ACL-based mitigation recommendations assume that the tunnel IP is dedicated solely to receiving the configured tunnel protocol traffic. When adapting these rules for your environment, it is important to explicitly permit any additional protocol traffic\u2014such as BGP or SSH\u2014if that IP serves multiple functions. To maintain connectivity, ensure these permit statements are sequenced before any deny statements directed at the decapsulation IP.\n\n\n\nThe following configurations align with the recommendations outlined in the\u00a0 Arista EOS Hardening Guide https://arista.my.site.com/AristaCommunity/s/article/arista-eos-hardening-guide#Comm_Kna_ka0Uw00000097VJIAY_71 ."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eApproach 1 - Applying ACL on Upstream Switches\u003c/h3\u003e\u003cp\u003eOn upstream devices, applying ACLs to allow specific tunneled traffic is straightforward. ACLs can be applied that match on tunnel destination IP, the IP next protocol field, and (optionally) UDP destination port to selectively allow or block specific tunnel protocols.\u003c/p\u003e\u003cp\u003eExample ACLs for Arista EOS follows.\u003c/p\u003eACL to permit VXLANv4 Only\u003cp\u003eThis IPv4 ACL matches on VXLAN packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (17)\u003cbr\u003e(b) IP DIP = VXLAN VTEP IP\u003cbr\u003e(c) UDP destination port = VXLAN UDP Port (4789)\u003c/p\u003e\u003cp\u003eIt allows VXLAN packets and drops all other packets to the VXLAN Decap IP.\u003c/p\u003e\u003cpre\u003eip access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit udp any host \u0026lt;vxlan-decap-ip\u0026gt; eq 4789\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny ip any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit ip any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit GREv4 Only\u003cp\u003eThis IPv4 ACL matches on GRE packets as follows:\u003cbr\u003e(a) IP next protocol = GRE (47)\u003cbr\u003e(b) IP DIP = GRE Tunnel Destination IP\u003c/p\u003e\u003cp\u003eIt allows GRE packets and drops all other packets to the GRE Decap IP.\u003c/p\u003e\u003cpre\u003eip access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit gre any host \u0026lt;gre-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny ip any host \u0026lt;gre-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit IP-in-IPv4 Only\u003cp\u003eThis IPv4 ACL matches on IP-in-IPv4 packets as follows:\u003cbr\u003e(a) IP next protocol = IPv4 (4) or IPv6 (41)\u003cbr\u003e(b) IP DIP = IP-in-IP Decap IP\u003c/p\u003e\u003cp\u003eIt allows IP-in-IPv4 packets and drops all other packets to the IP-in-IPv4 Decap IP.\u003c/p\u003e\u003cpre\u003eip access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit 4 any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit 41 any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ip any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to Permit IP-in-IPv6 Only\u003cp\u003eThis IPv6 ACL matches on IP-in-IPv6 packets as follows:\u003cbr\u003e(a) IP next protocol = IPv4 (4) or IPv6 (41)\u003cbr\u003e(b) IP DIP = IP-in-IP Decap IP\u003c/p\u003e\u003cp\u003eIt allows IP-in-IPv6 packets and drops all other packets to the IP-in-IPv6 Decap IP.\u003c/p\u003e\u003cpre\u003eipv6 access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit 4 any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit 41 any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ipv6 any host \u0026lt;ipip-decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit ipv6 any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit GUEv4 Only\u003cp\u003eThis IPv4 ACL matches on GUE packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (17)\u003cbr\u003e(b) IP DIP = GUE Decap IP\u003cbr\u003e(c) UDP destination port = UDP port configured per payload\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp; \u0026nbsp;\u0026nbsp;\u0026nbsp;(IP = Y or MPLS = Z)\u003c/p\u003e\u003cp\u003eIt allows GUE packets and drops all other packets to the GUE Decap IP.\u003c/p\u003e\u003cpre\u003eip access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit udp any host \u0026lt;decap-ip\u0026gt; eq Y\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit udp any host \u0026lt;decap-ip\u0026gt; eq Z\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ip any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit ip any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to Permit GUEv6 Only\u003cp\u003eThis IPv6 ACL matches on GUE packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (17)\u003cbr\u003e(b) IP DIP = GUE Decap IP\u003cbr\u003e(c) UDP destination port = UDP port configured per payload\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; (IP = Y or MPLS = Z)\u003c/p\u003e\u003cp\u003eIt allows GUE packets and drops all other packets to the GUE Decap IP.\u003c/p\u003e\u003cpre\u003eipv6 access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit udp any host \u0026lt;decap-ip\u0026gt; eq Y\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit udp any host \u0026lt;decap-ip\u0026gt; eq Z\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ipv6 any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit ipv6 any any\u003c/pre\u003e"
}
],
"value": "Approach 1 - Applying ACL on Upstream Switches\n\nOn upstream devices, applying ACLs to allow specific tunneled traffic is straightforward. ACLs can be applied that match on tunnel destination IP, the IP next protocol field, and (optionally) UDP destination port to selectively allow or block specific tunnel protocols.\n\n\n\nExample ACLs for Arista EOS follows.\n\nACL to permit VXLANv4 Only\n\nThis IPv4 ACL matches on VXLAN packets as follows:\n(a) IP next protocol = UDP (17)\n(b) IP DIP = VXLAN VTEP IP\n(c) UDP destination port = VXLAN UDP Port (4789)\n\n\n\nIt allows VXLAN packets and drops all other packets to the VXLAN Decap IP.\n\n\n\nip access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit udp any host \u003cvxlan-decap-ip\u003e eq 4789\n\u00a0\u00a0\u00a02 deny ip any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a03 permit ip any any\n\n\n\u00a0\n\nACL to permit GREv4 Only\n\nThis IPv4 ACL matches on GRE packets as follows:\n(a) IP next protocol = GRE (47)\n(b) IP DIP = GRE Tunnel Destination IP\n\n\n\nIt allows GRE packets and drops all other packets to the GRE Decap IP.\n\n\n\nip access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit gre any host \u003cgre-decap-ip\u003e\n\u00a0\u00a0\u00a02 deny ip any host \u003cgre-decap-ip\u003e\n\u00a0\u00a0\u00a03 permit any any\n\n\n\u00a0\n\nACL to permit IP-in-IPv4 Only\n\nThis IPv4 ACL matches on IP-in-IPv4 packets as follows:\n(a) IP next protocol = IPv4 (4) or IPv6 (41)\n(b) IP DIP = IP-in-IP Decap IP\n\n\n\nIt allows IP-in-IPv4 packets and drops all other packets to the IP-in-IPv4 Decap IP.\n\n\n\nip access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit 4 any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a02 permit 41 any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a03 deny ip any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a04 permit any any\n\n\n\u00a0\n\nACL to Permit IP-in-IPv6 Only\n\nThis IPv6 ACL matches on IP-in-IPv6 packets as follows:\n(a) IP next protocol = IPv4 (4) or IPv6 (41)\n(b) IP DIP = IP-in-IP Decap IP\n\n\n\nIt allows IP-in-IPv6 packets and drops all other packets to the IP-in-IPv6 Decap IP.\n\n\n\nipv6 access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit 4 any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a02 permit 41 any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a03 deny ipv6 any host \u003cipip-decap-ip\u003e\n\u00a0\u00a0\u00a04 permit ipv6 any any\n\n\n\u00a0\n\nACL to permit GUEv4 Only\n\nThis IPv4 ACL matches on GUE packets as follows:\n(a) IP next protocol = UDP (17)\n(b) IP DIP = GUE Decap IP\n(c) UDP destination port = UDP port configured per payload\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0(IP = Y or MPLS = Z)\n\n\n\nIt allows GUE packets and drops all other packets to the GUE Decap IP.\n\n\n\nip access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit udp any host \u003cdecap-ip\u003e eq Y\n\u00a0\u00a0\u00a02 permit udp any host \u003cdecap-ip\u003e eq Z\n\u00a0\u00a0\u00a03 deny ip any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a04 permit ip any any\n\n\n\u00a0\n\nACL to Permit GUEv6 Only\n\nThis IPv6 ACL matches on GUE packets as follows:\n(a) IP next protocol = UDP (17)\n(b) IP DIP = GUE Decap IP\n(c) UDP destination port = UDP port configured per payload\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (IP = Y or MPLS = Z)\n\n\n\nIt allows GUE packets and drops all other packets to the GUE Decap IP.\n\n\n\nipv6 access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit udp any host \u003cdecap-ip\u003e eq Y\n\u00a0\u00a0\u00a02 permit udp any host \u003cdecap-ip\u003e eq Z\n\u00a0\u00a0\u00a03 deny ipv6 any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a04 permit ipv6 any any"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eApproach 2 - Applying ACL on Decapsulation Switches\u003c/h3\u003e\u003cp\u003eApplying ACLs on the decapsulation device is more complicated. It requires the use of MAC ACLs on 7020R Series, 7280R/R2 Series, and 7500R/R2 Series systems and IP ACLs on 7280R3 Series, 7500R3 Series, and 7800R3 Series systems. In both cases, a TCAM profile update is also required. Note that TCAM profile update is a disruptive operation that could impact traffic forwarding. More information can be found in\u0026nbsp;\u003ca href=\"https://www.arista.com/en/support/toi/eos-4-26-0f/14755-user-defined-tcam-profiles\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eUser-defined TCAM Profiles\u003c/a\u003e.\u003c/p\u003e7020R Series, 7280R/R2 Series, and 7500R/R2 Series\u003cp\u003eMitigation involves using MAC ACLs to allow specific expected protocol packets and block all other traffic to the configured decap IPs. The suggested MAC ACLs use User Defined Fields (UDFs) to match on specific fields in the packet headers. This requires a TCAM profile update to include the following UDF qualifiers:\u003c/p\u003e\u003col\u003e\u003cli\u003eFor IPv4 tunnels, 2 16b and 1 32b UDF qualifiers need to be included.\u003c/li\u003e\u003cli\u003eFor IPv6 tunnels, 2 16b and 4 32b UDF qualifiers need to be included.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eHowever, in order to make room for the UDF qualifiers, other TCAM features/qualifiers must be removed due to hardware constraints. Following are some suggested TCAM profile changes to accommodate the required UDF qualifiers:\u003c/p\u003e\u003col\u003e\u003cli\u003eTCAM profile that includes the UDF qualifiers for IPv4 tunnels, but removes support for MPLS:\u003cbr\u003e\u003cpre\u003ehardware tcam\n\u0026nbsp;\u0026nbsp;\u0026nbsp;profile test copy default\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;feature acl port mac\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no key size limit\u0026nbsp;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;key field udf-16b-1 udf-16b-2 udf-32b-1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature mpls\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature mpls pop ingress\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature pbr mpls\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u0026nbsp;\u003c/li\u003e\u003cli\u003eTCAM profile that includes the UDF qualifiers for IPv4 tunnels, but removes support for VXLAN:\u003cbr\u003e\u003cpre\u003ehardware tcam\n\u0026nbsp;\u0026nbsp;\u0026nbsp;profile test copy default\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;feature acl port mac\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no key field src-mac\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;key field udf-16b-1 udf-16b-2 udf-32b-1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u0026nbsp;\u0026nbsp;\u003c/li\u003e\u003cli\u003eTCAM profile that includes the UDF qualifiers for IPv6 tunnels, but removes support for VXLAN and PBR:\u003cbr\u003e\u003cpre\u003ehardware tcam\n\u0026nbsp;\u0026nbsp;\u0026nbsp;profile test1 copy default\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;feature acl port mac\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no key size limit\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no key field src-mac dst-mac\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;key field udf-16b-1 udf-16b-2 udf-32b-1 udf-32b-2 udf-32b-3 udf-32b-4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature tunnel vxlan\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature tunnel vxlan routing\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature pbr ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;no feature pbr ipv6\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003ePlease contact Arista TAC if further assistance is needed with TCAM profile construction.\u003c/p\u003e"
}
],
"value": "Approach 2 - Applying ACL on Decapsulation Switches\n\nApplying ACLs on the decapsulation device is more complicated. It requires the use of MAC ACLs on 7020R Series, 7280R/R2 Series, and 7500R/R2 Series systems and IP ACLs on 7280R3 Series, 7500R3 Series, and 7800R3 Series systems. In both cases, a TCAM profile update is also required. Note that TCAM profile update is a disruptive operation that could impact traffic forwarding. More information can be found in\u00a0 User-defined TCAM Profiles https://www.arista.com/en/support/toi/eos-4-26-0f/14755-user-defined-tcam-profiles .\n\n7020R Series, 7280R/R2 Series, and 7500R/R2 Series\n\nMitigation involves using MAC ACLs to allow specific expected protocol packets and block all other traffic to the configured decap IPs. The suggested MAC ACLs use User Defined Fields (UDFs) to match on specific fields in the packet headers. This requires a TCAM profile update to include the following UDF qualifiers:\n\n * For IPv4 tunnels, 2 16b and 1 32b UDF qualifiers need to be included.\n * For IPv6 tunnels, 2 16b and 4 32b UDF qualifiers need to be included.\n\n\nHowever, in order to make room for the UDF qualifiers, other TCAM features/qualifiers must be removed due to hardware constraints. Following are some suggested TCAM profile changes to accommodate the required UDF qualifiers:\n\n * TCAM profile that includes the UDF qualifiers for IPv4 tunnels, but removes support for MPLS:\n\n\nhardware tcam\n\u00a0\u00a0\u00a0profile test copy default\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0feature acl port mac\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no key size limit\u00a0\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key field udf-16b-1 udf-16b-2 udf-32b-1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature mpls\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature mpls pop ingress\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature pbr mpls\n\n\n\u00a0\n\n\u00a0\n * TCAM profile that includes the UDF qualifiers for IPv4 tunnels, but removes support for VXLAN:\n\n\nhardware tcam\n\u00a0\u00a0\u00a0profile test copy default\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0feature acl port mac\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no key field src-mac\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key field udf-16b-1 udf-16b-2 udf-32b-1\n\n\n\u00a0\n\n\u00a0\u00a0\n * TCAM profile that includes the UDF qualifiers for IPv6 tunnels, but removes support for VXLAN and PBR:\n\n\nhardware tcam\n\u00a0\u00a0\u00a0profile test1 copy default\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0feature acl port mac\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no key size limit\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no key field src-mac dst-mac\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0key field udf-16b-1 udf-16b-2 udf-32b-1 udf-32b-2 udf-32b-3 udf-32b-4\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature tunnel vxlan\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature tunnel vxlan routing\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature pbr ip\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0no feature pbr ipv6\n\n\n\n\u00a0\n\n\n\nPlease contact Arista TAC if further assistance is needed with TCAM profile construction."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ACL to permit VXLAN v4 Decap only\u003cp\u003eThis MAC ACL uses UDF to match on VXLAN packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (0x11)\u003cbr\u003e(b) IP DIP = VXLAN VTEP IP (say 0xXXXXXXXX - converted in hex)\u003cbr\u003e(c) UDP destination port = VXLAN UDP Port (0x12b5)\u003c/p\u003e\u003cp\u003eIt allows VXLAN packets and drops all other packets to the VXLAN Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ip-next-protocol-udp offset 2 pattern 0x00110000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\nmac access-list payload alias udp-dport-vxlan offset 5 pattern 0x000012b5 mask 0xffff0000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-vxlan\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit GREv4 Decap Only\u003cp\u003eThis MAC ACL uses UDF to match on GRE packets as follows:\u003cbr\u003e(a) IP next protocol = GRE (0x2f)\u003cbr\u003e(b) IP DIP = GRE Decap IP (say 0xXXXXXXXX - converted in hex)\u003c/p\u003e\u003cp\u003eIt allows GRE packets and drops all other packets to the GRE Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ip-next-protocol-gre offset 2 pattern 0x002f0000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf needed, the ACL can also be tweaked to match on specific GRE payloads as follows:\u003c/p\u003e\u003ci\u003eIPv4oGRE\u003c/i\u003e\u003cp\u003eACL also matches on GRE next protocol = IPv4 (0x0800)\u003c/p\u003e\u003cpre\u003emac access-list payload alias gre-protocol-ipv4 offset 5 pattern 0x00000800 mask 0xffff0000\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-ipv4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ci\u003eIPv6oGRE\u003c/i\u003e\u003cp\u003eACL also matches on GRE next protocol = IPv6 (0x86dd)\u003c/p\u003e\u003cpre\u003emac access-list payload alias gre-protocol-ipv6 offset 5 pattern 0x000086dd mask 0xffff0000\nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-ipv6\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ci\u003eMPLSoGRE\u003c/i\u003e\u003cp\u003eACL also matches on GRE next protocol = MPLS (0x8847)\u003c/p\u003e\u003cpre\u003emac access-list payload alias gre-protocol-mpls offset 5 pattern 0x00008847 mask 0xffff0000\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-mpls\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 permit any any\u003c/pre\u003e"
}
],
"value": "ACL to permit VXLAN v4 Decap only\n\nThis MAC ACL uses UDF to match on VXLAN packets as follows:\n(a) IP next protocol = UDP (0x11)\n(b) IP DIP = VXLAN VTEP IP (say 0xXXXXXXXX - converted in hex)\n(c) UDP destination port = VXLAN UDP Port (0x12b5)\n\n\n\nIt allows VXLAN packets and drops all other packets to the VXLAN Decap IP.\n\n\n\nmac access-list payload alias ip-next-protocol-udp offset 2 pattern 0x00110000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n\u00a0\u00a0\u00a0\u00a0\nmac access-list payload alias udp-dport-vxlan offset 5 pattern 0x000012b5 mask 0xffff0000\n\u00a0\u00a0\u00a0\u00a0\nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-vxlan\n\u00a0\u00a0\u00a02 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 permit any any\n\n\n\u00a0\n\nACL to permit GREv4 Decap Only\n\nThis MAC ACL uses UDF to match on GRE packets as follows:\n(a) IP next protocol = GRE (0x2f)\n(b) IP DIP = GRE Decap IP (say 0xXXXXXXXX - converted in hex)\n\n\n\nIt allows GRE packets and drops all other packets to the GRE Decap IP.\n\n\n\nmac access-list payload alias ip-next-protocol-gre offset 2 pattern 0x002f0000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n \nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip\n\u00a0\u00a0\u00a02 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 permit any any\n\n\n\u00a0\n\n\n\nIf needed, the ACL can also be tweaked to match on specific GRE payloads as follows:\n\nIPv4oGRE\n\nACL also matches on GRE next protocol = IPv4 (0x0800)\n\n\n\nmac access-list payload alias gre-protocol-ipv4 offset 5 pattern 0x00000800 mask 0xffff0000\n \nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-ipv4\n\u00a0\u00a0\u00a02 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 permit any any\n\n\n\u00a0\n\nIPv6oGRE\n\nACL also matches on GRE next protocol = IPv6 (0x86dd)\n\n\n\nmac access-list payload alias gre-protocol-ipv6 offset 5 pattern 0x000086dd mask 0xffff0000\nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-ipv6\n\u00a0\u00a0\u00a02 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 permit any any\n\n\n\u00a0\n\nMPLSoGRE\n\nACL also matches on GRE next protocol = MPLS (0x8847)\n\n\n\nmac access-list payload alias gre-protocol-mpls offset 5 pattern 0x00008847 mask 0xffff0000\n \nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-gre alias ip-dip-decap-ip alias gre-protocol-mpls\n\u00a0\u00a0\u00a02 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 permit any any"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ACL to permit IP-in-IPv4 Decap Only\u003cp\u003eThis MAC ACL uses UDF to match on IP-in-IP packets as follows:\u003cbr\u003e(a) IP next protocol = IPv4 (0x04) or IPv6 (0x29)\u003cbr\u003e(b) IP DIP = IP-in-IP Decap IP (say 0xXXXXXXXX - converted in hex)\u003c/p\u003e\u003cp\u003eIt allows IP-in-ip packets and drops all other packets to the IP-in-IP Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ip-next-protocol-ipv4 offset 2 pattern 0x00040000 mask 0xff00ffff\n \nmac access-list payload alias ip-next-protocol-ipv6 offset 2 pattern 0x00290000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-ipv4 alias ip-dip-decap-ip\u0026nbsp;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit any any ip payload alias ip-next-protocol-ipv6 alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit GUEv4 Decap Only\u003cp\u003eThis MAC ACL uses UDF to match on GUE packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (0x11)\u003cbr\u003e(b) IP DIP = GUE Decap IP (say 0xXXXXXXXX - converted in hex)\u003cbr\u003e(c) UDP destination port = UDP port configured per payload\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;(say UDP port for IP payload = 0xYYYY or UDP port for MPLS payload = 0xZZZZ - converted in hex)\u003c/p\u003e\u003cp\u003eIt allows GUE packets and drops all other packets to the GUE Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ip-next-protocol-udp offset 2 pattern 0x00110000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n \nmac access-list payload alias udp-dport-gue-ip offset 5 pattern 0x0000YYYY mask 0xffff0000\n \nmac access-list payload alias udp-dport-gue-mpls offset 5 pattern 0x0000ZZZZ mask 0xffff0000\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-gue-mpls\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-gue-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny any any ip payload alias ip-dip-decap-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to permit GUEv6 Decap Only\u003cp\u003eThis MAC ACL uses UDF to match on GUE packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (0x11)\u003cbr\u003e(b) IPv6 DIP = GUE Decap IP (say 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD - converted in hex)\u003cbr\u003e(c) UDP destination port = UDP port configured per payload\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; (say UDP port for IP payload = 0xYYYY or UDP port for MPLS payload = 0xZZZZ - converted in hex)\u003c/p\u003e\u003cp\u003eIt allows GUE packets and drops all other packets to the GUE Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ipv6-next-protocol-udp offset 1 pattern 0x00001100 mask 0xffff00ff\n \nmac access-list payload alias udp-dport-gue-ip offset 10 pattern 0x0000YYYY mask 0xffff0000\n \nmac access-list payload alias udp-dport-gue-mpls offset 10 pattern 0x0000ZZZZ mask 0xffff0000\n \nmac access-list payload alias ipv6-dip-decap-ip1 offset 6 pattern 0xAAAAAAAA mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip2 offset 7 pattern 0xBBBBBBBB mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip3 offset 8 pattern 0xCCCCCCCC mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip4 offset 9 pattern 0xDDDDDDDD mask 0\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ipv6 payload alias ipv6-next-protocol-udp alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4 alias udp-dport-gue-ip\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit any any ipv6 payload alias ipv6-next-protocol-udp alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4 alias udp-dport-gue-mpls\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny any any ipv6 payload alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit any any\u003c/pre\u003e"
}
],
"value": "ACL to permit IP-in-IPv4 Decap Only\n\nThis MAC ACL uses UDF to match on IP-in-IP packets as follows:\n(a) IP next protocol = IPv4 (0x04) or IPv6 (0x29)\n(b) IP DIP = IP-in-IP Decap IP (say 0xXXXXXXXX - converted in hex)\n\n\n\nIt allows IP-in-ip packets and drops all other packets to the IP-in-IP Decap IP.\n\n\n\nmac access-list payload alias ip-next-protocol-ipv4 offset 2 pattern 0x00040000 mask 0xff00ffff\n \nmac access-list payload alias ip-next-protocol-ipv6 offset 2 pattern 0x00290000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-ipv4 alias ip-dip-decap-ip\u00a0\n\u00a0\u00a0\u00a02 permit any any ip payload alias ip-next-protocol-ipv6 alias ip-dip-decap-ip\n\u00a0\u00a0\u00a03 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a04 permit any any\n\n\n\u00a0\n\nACL to permit GUEv4 Decap Only\n\nThis MAC ACL uses UDF to match on GUE packets as follows:\n(a) IP next protocol = UDP (0x11)\n(b) IP DIP = GUE Decap IP (say 0xXXXXXXXX - converted in hex)\n(c) UDP destination port = UDP port configured per payload\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0(say UDP port for IP payload = 0xYYYY or UDP port for MPLS payload = 0xZZZZ - converted in hex)\n\n\n\nIt allows GUE packets and drops all other packets to the GUE Decap IP.\n\n\n\nmac access-list payload alias ip-next-protocol-udp offset 2 pattern 0x00110000 mask 0xff00ffff\n \nmac access-list payload alias ip-dip-decap-ip offset 4 pattern 0xXXXXXXXX mask 0x00000000\n \nmac access-list payload alias udp-dport-gue-ip offset 5 pattern 0x0000YYYY mask 0xffff0000\n \nmac access-list payload alias udp-dport-gue-mpls offset 5 pattern 0x0000ZZZZ mask 0xffff0000\n \nmac access-list foo\n\u00a0\u00a0\u00a01 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-gue-mpls\n\u00a0\u00a0\u00a02 permit any any ip payload alias ip-next-protocol-udp alias ip-dip-decap-ip alias udp-dport-gue-ip\n\u00a0\u00a0\u00a03 deny any any ip payload alias ip-dip-decap-ip\n\u00a0\u00a0\u00a04 permit any any\n\n\n\u00a0\n\nACL to permit GUEv6 Decap Only\n\nThis MAC ACL uses UDF to match on GUE packets as follows:\n(a) IP next protocol = UDP (0x11)\n(b) IPv6 DIP = GUE Decap IP (say 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD - converted in hex)\n(c) UDP destination port = UDP port configured per payload\n\u00a0\u00a0\u00a0\u00a0\u00a0 (say UDP port for IP payload = 0xYYYY or UDP port for MPLS payload = 0xZZZZ - converted in hex)\n\n\n\nIt allows GUE packets and drops all other packets to the GUE Decap IP.\n\n\n\nmac access-list payload alias ipv6-next-protocol-udp offset 1 pattern 0x00001100 mask 0xffff00ff\n \nmac access-list payload alias udp-dport-gue-ip offset 10 pattern 0x0000YYYY mask 0xffff0000\n \nmac access-list payload alias udp-dport-gue-mpls offset 10 pattern 0x0000ZZZZ mask 0xffff0000\n \nmac access-list payload alias ipv6-dip-decap-ip1 offset 6 pattern 0xAAAAAAAA mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip2 offset 7 pattern 0xBBBBBBBB mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip3 offset 8 pattern 0xCCCCCCCC mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip4 offset 9 pattern 0xDDDDDDDD mask 0\n \nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ipv6 payload alias ipv6-next-protocol-udp alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4 alias udp-dport-gue-ip\n\u00a0\u00a0\u00a02 permit any any ipv6 payload alias ipv6-next-protocol-udp alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4 alias udp-dport-gue-mpls\n\u00a0\u00a0\u00a03 deny any any ipv6 payload alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u00a0\u00a0\u00a04 permit any any"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ACL to permit IP-in-IPv6 Decap Only\u003cp\u003eThe MAC ACL uses UDF to match on IP-in-IPv6 packets as follows:\u003cbr\u003e(a) IP next protocol = IPv4 (4) or IPv6 (41)\u003cbr\u003e(b) IPv6 DIP = IP-in-IP Decap IP (say 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD - converted in hex)\u003c/p\u003e\u003cp\u003eIt allows IP-in-ip packets and drops all other packets to the IP-in-IP Decap IP.\u003c/p\u003e\u003cpre\u003emac access-list payload alias ipv6-next-protocol-ipv4 offset 1 pattern 0x00000400 mask 0xffff00ff\n \nmac access-list payload alias ipv6-next-protocol-ipv6 offset 1 pattern 0x00002900 mask 0xffff00ff\n \nmac access-list payload alias ipv6-dip-decap-ip1 offset 6 pattern 0xAAAAAAAA mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip2 offset 7 pattern 0xBBBBBBBB mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip3 offset 8 pattern 0xCCCCCCCC mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip4 offset 9 pattern 0xDDDDDDDD mask 0\n \nmac access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit any any ipv6 payload alias ipv6-next-protocol-ipv4 alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit any any ipv6 payload alias ipv6-next-protocol-ipv6 alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny any any ipv6 payload alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch3\u003e7280R3 Series, 7500R3 Series, and 7800R3 Series\u003c/h3\u003e\u003cp\u003eMitigation involves using IPv6 PACLs to allow specific expected protocol packets and block all other traffic to the configured decap IPs. This requires the following TCAM profile update with the specified packet types:\u003c/p\u003e\u003cpre\u003ehardware tcam\n\u0026nbsp;\u0026nbsp;\u0026nbsp;profile test\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;feature acl port ipv6\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;packet ipv6 ipv4 forwarding routed decap\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;packet ipv6 ipv6 forwarding routed decap\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;packet ipv6 gue ipv4 forwarding routed decap\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;packet ipv6 gue ipv6 forwarding routed decap\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;packet ipv6 gue mpls forwarding mpls decap\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eNote that introducing new packet types might also require specifying them under other features such as \u201cacl vlan\u201d or \u201cqos ipv6\u201d. Please reach out, if further assistance is needed with TCAM profile construction.\u003c/p\u003eACL to Permit GUEv6 Only\u003cp\u003eThis IPv6 ACL matches on GUE packets as follows:\u003cbr\u003e(a) IP next protocol = UDP (0x11)\u003cbr\u003e(b) IP DIP = GUE Decap IP\u003cbr\u003e(c) UDP destination port = UDP port configured per payload\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; (IP = Y or MPLS = Z)\u003c/p\u003e\u003cp\u003eIt allows GUE packets and drops all other packets to the GUE Decap IP.\u003c/p\u003e\u003cpre\u003eipv6 access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit udp any host \u0026lt;decap-ip\u0026gt; eq Y\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit udp any host \u0026lt;decap-ip\u0026gt; eq Z\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ipv6 any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit ipv6 any any\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eACL to Permit IP-in-IPv6 Only\u003cp\u003eThis IPv6 ACL matches on IP-in-IPv6 packets as follows:\u003cbr\u003e(a) IP next protocol = IPv4 (4) or IPv6 (41)\u003cbr\u003e(b) IP DIP = IP-in-IP Decap IP\u003c/p\u003e\u003cp\u003eIt allows IP-in-IPv6 packets and drops all other packets to the IP-in-IPv6 Decap IP.\u003c/p\u003e\u003cpre\u003eipv6 access-list foo\n\u0026nbsp;\u0026nbsp;\u0026nbsp;counters per-entry\n\u0026nbsp;\u0026nbsp;\u0026nbsp;1 permit 4 any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;2 permit 41 any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;3 deny ipv6 any host \u0026lt;decap-ip\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;4 permit ipv6 any any\u003c/pre\u003e"
}
],
"value": "ACL to permit IP-in-IPv6 Decap Only\n\nThe MAC ACL uses UDF to match on IP-in-IPv6 packets as follows:\n(a) IP next protocol = IPv4 (4) or IPv6 (41)\n(b) IPv6 DIP = IP-in-IP Decap IP (say 0xAAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD - converted in hex)\n\n\n\nIt allows IP-in-ip packets and drops all other packets to the IP-in-IP Decap IP.\n\n\n\nmac access-list payload alias ipv6-next-protocol-ipv4 offset 1 pattern 0x00000400 mask 0xffff00ff\n \nmac access-list payload alias ipv6-next-protocol-ipv6 offset 1 pattern 0x00002900 mask 0xffff00ff\n \nmac access-list payload alias ipv6-dip-decap-ip1 offset 6 pattern 0xAAAAAAAA mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip2 offset 7 pattern 0xBBBBBBBB mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip3 offset 8 pattern 0xCCCCCCCC mask 0\n \nmac access-list payload alias ipv6-dip-decap-ip4 offset 9 pattern 0xDDDDDDDD mask 0\n \nmac access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit any any ipv6 payload alias ipv6-next-protocol-ipv4 alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u00a0\u00a0\u00a02 permit any any ipv6 payload alias ipv6-next-protocol-ipv6 alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u00a0\u00a0\u00a03 deny any any ipv6 payload alias ipv6-dip-decap-ip1 alias ipv6-dip-decap-ip2 alias ipv6-dip-decap-ip3 alias ipv6-dip-decap-ip4\n\u00a0\u00a0\u00a04 permit any any\n\n\n\u00a0\n\n7280R3 Series, 7500R3 Series, and 7800R3 Series\n\nMitigation involves using IPv6 PACLs to allow specific expected protocol packets and block all other traffic to the configured decap IPs. This requires the following TCAM profile update with the specified packet types:\n\n\n\nhardware tcam\n\u00a0\u00a0\u00a0profile test\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0feature acl port ipv6\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0packet ipv6 ipv4 forwarding routed decap\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0packet ipv6 ipv6 forwarding routed decap\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0packet ipv6 gue ipv4 forwarding routed decap\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0packet ipv6 gue ipv6 forwarding routed decap\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0packet ipv6 gue mpls forwarding mpls decap\n\n\n\u00a0\n\n\n\nNote that introducing new packet types might also require specifying them under other features such as \u201cacl vlan\u201d or \u201cqos ipv6\u201d. Please reach out, if further assistance is needed with TCAM profile construction.\n\nACL to Permit GUEv6 Only\n\nThis IPv6 ACL matches on GUE packets as follows:\n(a) IP next protocol = UDP (0x11)\n(b) IP DIP = GUE Decap IP\n(c) UDP destination port = UDP port configured per payload\n\u00a0\u00a0\u00a0\u00a0\u00a0 (IP = Y or MPLS = Z)\n\n\n\nIt allows GUE packets and drops all other packets to the GUE Decap IP.\n\n\n\nipv6 access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit udp any host \u003cdecap-ip\u003e eq Y\n\u00a0\u00a0\u00a02 permit udp any host \u003cdecap-ip\u003e eq Z\n\u00a0\u00a0\u00a03 deny ipv6 any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a04 permit ipv6 any any\n\n\n\u00a0\n\nACL to Permit IP-in-IPv6 Only\n\nThis IPv6 ACL matches on IP-in-IPv6 packets as follows:\n(a) IP next protocol = IPv4 (4) or IPv6 (41)\n(b) IP DIP = IP-in-IP Decap IP\n\n\n\nIt allows IP-in-IPv6 packets and drops all other packets to the IP-in-IPv6 Decap IP.\n\n\n\nipv6 access-list foo\n\u00a0\u00a0\u00a0counters per-entry\n\u00a0\u00a0\u00a01 permit 4 any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a02 permit 41 any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a03 deny ipv6 any host \u003cdecap-ip\u003e\n\u00a0\u00a0\u00a04 permit ipv6 any any"
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-7473",
"datePublished": "2026-06-05T16:22:47.989Z",
"dateReserved": "2026-04-29T20:08:22.118Z",
"dateUpdated": "2026-06-05T16:22:47.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5088 (GCVE-0-2025-5088)
Vulnerability from cvelistv5 – Published: 2026-06-05 15:58 – Updated: 2026-06-05 15:58
VLAI
Title
Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
Summary
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including authentication, occurs over plaintext in the present day. TLS support is tracked under RFE1294850.
Severity
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS / CloudVision eXchange (CVX) |
Affected:
4.34.0F , ≤ 4.34.1F
(custom)
Affected: 4.33.0M , ≤ 4.33.4M (custom) Affected: 4.32.0M , ≤ 4.32.6M (custom) Affected: 4.31.0M , ≤ 4.31.8M (custom) Affected: 4.30.0 , < 4.31.0 (custom) |
Date Public
2025-11-18 00:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS / CloudVision eXchange (CVX)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.6M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.8M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThan": "4.31.0",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-5088, the following condition must be met: MCS Service must be configured:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecvx1#show cvx service mcs\nMcs\n Status: Enabled\n Supported versions: 1\n \n Switch Status Negotiated Version\n ------ ------- ------------------\n \u0026lt;Switch1\u0026gt; Enabled 1\n \ncvx1#show running-config section mcs\ncvx\n service mcs\n redis password 7 03054902151B20\n no shutdown\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf MCS Service is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecvx1#show cvx service mcs\nMcs\n Status: Disabled\n Supported versions: 1\n \n Switch Status Negotiated Version\n ------ -------- ------------------\n \u0026lt;Switch1\u0026gt; Disabled\u003c/code\u003e\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-5088, the following condition must be met: MCS Service must be configured:\n\n\n\n\ncvx1#show cvx service mcs\nMcs\n Status: Enabled\n Supported versions: 1\n \n Switch Status Negotiated Version\n ------ ------- ------------------\n \u003cSwitch1\u003e Enabled 1\n \ncvx1#show running-config section mcs\ncvx\n service mcs\n redis password 7 03054902151B20\n no shutdown\n\n\n\n\nIf MCS Service is not configured there is no exposure to this issue and the message will look like:\n\n\n\n\ncvx1#show cvx service mcs\nMcs\n Status: Disabled\n Supported versions: 1\n \n Switch Status Negotiated Version\n ------ -------- ------------------\n \u003cSwitch1\u003e Disabled"
}
],
"datePublic": "2025-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including authentication, occurs over plaintext in the present day. TLS support is tracked under RFE1294850.\u003c/p\u003e"
}
],
"value": "An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including authentication, occurs over plaintext in the present day. TLS support is tracked under RFE1294850."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T15:58:15.288Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-5088 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.7M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-5088 has been fixed in the following releases:\n\n * 4.34.2F and later releases in the 4.34.x train\n * 4.33.5M and later releases in the 4.33.x train\n * 4.32.7M and later releases in the 4.32.x train\n * 4.31.9M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "0126",
"defect": [
"BUG1140117"
],
"discovery": "INTERNAL"
},
"title": "Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo run the redis-server as a dedicated \"redis\" user and group on the CVX server, follow these steps, ensuring all changes are applied correctly and the service restarts smoothly. This approach enhances security by isolating the Redis process with its own user and group permissions.\u003c/p\u003e\u003cp\u003ePlease ensure that these mitigation steps are tested thoroughly in a non-production environment prior to production deployment.\u003c/p\u003e\u003cdiv\u003e\u003cb\u003eLog in to the CVX Server\u003c/b\u003e\u003c/div\u003e\u003cp\u003eAccess your CVX server (e.g. using SSH) using the appropriate credentials. This is the initial point of access for all subsequent configuration changes.\u003c/p\u003e\u003cdiv\u003e\u003cb\u003eStop Redis Before Applying Changes\u003c/b\u003e\u003c/div\u003e\u003cp\u003eIt is crucial to stop Redis to prevent data corruption or conflicts while modifying its configuration. This is achieved by unconfiguring the Redis password on the MCS service.\u003c/p\u003e\u003cp\u003eExecuting \u003ci\u003eno redis password\u003c/i\u003e stops the Redis service by removing its authentication credentials, which prevents it from running.\u003c/p\u003e\u003cpre\u003ecvx\u0026gt;enable\ncvx#config\ncvx(config)#cvx\ncvx(config-cvx)#service mcs\ncvx(config-cvx-mcs)#no redis password\ncvx(config-cvx-mcs)#\u003c/pre\u003e\u003cdiv\u003e\u003cb\u003eEdit the redis.service Systemd Service File\u003c/b\u003e\u003c/div\u003e\u003cp\u003eThis step involves modifying the systemd service file for Redis to specify the dedicated user and group under which Redis will run.\u003c/p\u003e\u003cp\u003eFirst, transition to bash mode from the CVX configuration prompt:\u003c/p\u003e\u003cpre\u003ecvx(config-cvx-mcs)#bash\u003c/pre\u003e\u003cp\u003eOnce in bash, use \u003ci\u003esudo nano\u003c/i\u003e to edit the redis.service file:\u003c/p\u003e\u003cpre\u003e[cvx ~]$sudo nano /etc/systemd/system/redis.service\u003c/pre\u003e\u003cdiv\u003e\u003cb\u003eAdd \u0027User\u0027 and \u0027Group\u0027 Directives to the [Service] Section\u003c/b\u003e\u003c/div\u003e\u003cp\u003eWithin the redis.service file, locate the [Service] section and add the following lines:\u003c/p\u003e\u003cpre\u003e[Service]\nUser=redis\nGroup=redis\u003c/pre\u003e\u003cp\u003eThis modification ensures that when the redis-server starts, it will execute under the context of the redis user and redis group, thereby enforcing stricter access controls and enhancing system security.\u003c/p\u003e\u003cp\u003eSave and exit the editor.\u003c/p\u003e\u003cdiv\u003e\u003cb\u003eChange Ownership of the Redis Log File\u003c/b\u003e\u003c/div\u003e\u003cp\u003eTo ensure the redis user has appropriate write permissions for its log file, change the ownership of \u003ci\u003e/var/log/redis/redis.log\u003c/i\u003e to the redis user and group.\u003c/p\u003e\u003cpre\u003e[cvx ~]$sudo chown redis:redis /var/log/redis/redis.log\u003c/pre\u003e\u003cp\u003eThis step is required for the Redis server to be able to write logs once it restarts under the new user and group.\u003c/p\u003e\u003cdiv\u003e\u003cb\u003eRestart the Redis with New Changes\u003c/b\u003e\u003c/div\u003e\u003cp\u003eAfter making all necessary modifications, restart the Redis to apply the new configuration. This is done by reconfiguring the Redis password, which will bring the service back online.\u003c/p\u003e\u003cp\u003eFirst, exit bash mode:\u003c/p\u003e\u003cpre\u003e[cvx ~]$exit\u003c/pre\u003e\u003cp\u003eThen, reconfigure the Redis password:\u003c/p\u003e\u003cpre\u003ecvx(config-cvx-mcs)#redis password \u0026lt;secret\u0026gt;\u003c/pre\u003e\u003cp\u003eReplace \u003ci\u003e\u0026lt;secret\u0026gt;\u003c/i\u003e with your actual Redis password. This action will re-enable the Redis, and it will now run with the specified redis user and redis group.\u003c/p\u003e\u003cp\u003e\u003cb\u003eNOTE:\u003c/b\u003e Following a CVX server reload or power cycle, all previously mentioned steps must be repeated.\u003c/p\u003e"
}
],
"value": "To run the redis-server as a dedicated \"redis\" user and group on the CVX server, follow these steps, ensuring all changes are applied correctly and the service restarts smoothly. This approach enhances security by isolating the Redis process with its own user and group permissions.\n\n\n\nPlease ensure that these mitigation steps are tested thoroughly in a non-production environment prior to production deployment.\n\nLog in to the CVX Server\n\n\n\nAccess your CVX server (e.g. using SSH) using the appropriate credentials. This is the initial point of access for all subsequent configuration changes.\n\nStop Redis Before Applying Changes\n\n\n\nIt is crucial to stop Redis to prevent data corruption or conflicts while modifying its configuration. This is achieved by unconfiguring the Redis password on the MCS service.\n\n\n\nExecuting no redis password stops the Redis service by removing its authentication credentials, which prevents it from running.\n\n\n\ncvx\u003eenable\ncvx#config\ncvx(config)#cvx\ncvx(config-cvx)#service mcs\ncvx(config-cvx-mcs)#no redis password\ncvx(config-cvx-mcs)#\n\nEdit the redis.service Systemd Service File\n\n\n\nThis step involves modifying the systemd service file for Redis to specify the dedicated user and group under which Redis will run.\n\n\n\nFirst, transition to bash mode from the CVX configuration prompt:\n\n\n\ncvx(config-cvx-mcs)#bash\n\n\n\nOnce in bash, use sudo nano to edit the redis.service file:\n\n\n\n[cvx ~]$sudo nano /etc/systemd/system/redis.service\n\nAdd \u0027User\u0027 and \u0027Group\u0027 Directives to the [Service] Section\n\n\n\nWithin the redis.service file, locate the [Service] section and add the following lines:\n\n\n\n[Service]\nUser=redis\nGroup=redis\n\n\n\nThis modification ensures that when the redis-server starts, it will execute under the context of the redis user and redis group, thereby enforcing stricter access controls and enhancing system security.\n\n\n\nSave and exit the editor.\n\nChange Ownership of the Redis Log File\n\n\n\nTo ensure the redis user has appropriate write permissions for its log file, change the ownership of /var/log/redis/redis.log to the redis user and group.\n\n\n\n[cvx ~]$sudo chown redis:redis /var/log/redis/redis.log\n\n\n\nThis step is required for the Redis server to be able to write logs once it restarts under the new user and group.\n\nRestart the Redis with New Changes\n\n\n\nAfter making all necessary modifications, restart the Redis to apply the new configuration. This is done by reconfiguring the Redis password, which will bring the service back online.\n\n\n\nFirst, exit bash mode:\n\n\n\n[cvx ~]$exit\n\n\n\nThen, reconfigure the Redis password:\n\n\n\ncvx(config-cvx-mcs)#redis password \u003csecret\u003e\n\n\n\nReplace \u003csecret\u003e with your actual Redis password. This action will re-enable the Redis, and it will now run with the specified redis user and redis group.\n\n\n\nNOTE: Following a CVX server reload or power cycle, all previously mentioned steps must be repeated."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-5088",
"datePublished": "2026-06-05T15:58:15.288Z",
"dateReserved": "2025-05-22T16:20:16.105Z",
"dateUpdated": "2026-06-05T15:58:15.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5090 (GCVE-0-2025-5090)
Vulnerability from cvelistv5 – Published: 2026-06-05 15:49 – Updated: 2026-06-05 15:49
VLAI
Title
Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
Summary
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.
Severity
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS / CloudVision eXchange (CVX) |
Affected:
4.34.0F , ≤ 4.34.1F
(custom)
Affected: 4.33.0M , ≤ 4.33.4M (custom) Affected: 4.32.0M , ≤ 4.32.6M (custom) Affected: 4.31.0 , < 4.32.0 (custom) Affected: 4.30.0 , < 4.31.0 (custom) |
Date Public
2025-11-18 16:46
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS / CloudVision eXchange (CVX)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.6M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThan": "4.32.0",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThan": "4.31.0",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-5090, the following condition must be met: CVX must be configured:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecvx1#show cvx\n Status: Enabled\n Mode: Standalone\n Heartbeat interval: 20.0\n Heartbeat timeout: 60.0\n Client connection state preserving: Disabled\n \ncvx1#show running-config section cvx\ncvx\n no shutdown\u003c/code\u003e\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-5090, the following condition must be met: CVX must be configured:\n\n\n\n\ncvx1#show cvx\n Status: Enabled\n Mode: Standalone\n Heartbeat interval: 20.0\n Heartbeat timeout: 60.0\n Client connection state preserving: Disabled\n \ncvx1#show running-config section cvx\ncvx\n no shutdown"
}
],
"datePublic": "2025-11-18T16:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.\u003c/p\u003e"
}
],
"value": "CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T15:49:27.770Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5090 has been fixed in the following releases:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\n \u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\n \u003cli\u003e4.32.7M and later releases in the 4.32.x train\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5090 has been fixed in the following releases:\n\n\n\n * 4.34.2F and later releases in the 4.34.x train\n\n * 4.33.5M and later releases in the 4.33.x train\n\n * 4.32.7M and later releases in the 4.32.x train"
}
],
"source": {
"advisory": "0126",
"defect": [
"BUG1139764"
],
"discovery": "INTERNAL"
},
"title": "Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is no mitigation for this issue.\u003c/p\u003e"
}
],
"value": "There is no mitigation for this issue."
}
],
"x_capecAlignment": {
"capecId": "CAPEC-125",
"capecName": "Flooding / Malformed Packet",
"justification": "An attacker with high privilege access over a downstream switch can emit unexpected or malformed TCP packets causing state management code on CVX (ControllerOob/Controllerdb) to throw unhandled faults, leading to ongoing client deregistration cycles and cluster instability."
},
"x_generator": {
"engine": "Vulnogram"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-5090",
"datePublished": "2026-06-05T15:49:27.770Z",
"dateReserved": "2025-05-22T16:26:48.444Z",
"dateUpdated": "2026-06-05T15:49:27.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5089 (GCVE-0-2025-5089)
Vulnerability from cvelistv5 – Published: 2026-06-05 15:44 – Updated: 2026-06-05 15:44
VLAI
Title
Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages
Summary
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.
Severity
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS / CloudVision eXchange (CVX) |
Affected:
4.34.0F , ≤ 4.34.1F
(custom)
Affected: 4.33.0M , ≤ 4.33.4M (custom) Affected: 4.32.0M , ≤ 4.32.6M (custom) Affected: 4.31.0M , ≤ 4.31.8M (custom) Affected: 4.30.0 , < 4.31.0 (custom) |
Date Public
2025-12-18 16:40
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS / CloudVision eXchange (CVX)",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.6M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.8M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThan": "4.31.0",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-5089, the following condition must be met: CVX must be configured:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ecvx1#show cvx\n Status: Enabled\n Mode: Standalone\n Heartbeat interval: 20.0\n Heartbeat timeout: 60.0\n Client connection state preserving: Disabled\n \ncvx1#show running-config section cvx\ncvx\n no shutdown\u003c/code\u003e\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-5089, the following condition must be met: CVX must be configured:\n\n\n\n\ncvx1#show cvx\n Status: Enabled\n Mode: Standalone\n Heartbeat interval: 20.0\n Heartbeat timeout: 60.0\n Client connection state preserving: Disabled\n \ncvx1#show running-config section cvx\ncvx\n no shutdown"
}
],
"datePublic": "2025-12-18T16:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.\u003c/p\u003e"
}
],
"value": "In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T15:44:45.822Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5089 has been fixed in the following releases:\u003c/p\u003e\n\u003cul\u003e\n \u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\n \u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\n \u003cli\u003e4.32.7M and later releases in the 4.32.x train\u003c/li\u003e\n \u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\n\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5089 has been fixed in the following releases:\n\n\n\n * 4.34.2F and later releases in the 4.34.x train\n\n * 4.33.5M and later releases in the 4.33.x train\n\n * 4.32.7M and later releases in the 4.32.x train\n\n * 4.31.9M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "0126",
"defect": [
"BUG1140255"
],
"discovery": "INTERNAL"
},
"title": "Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is no mitigation for this issue.\u003c/p\u003e"
}
],
"value": "There is no mitigation for this issue."
}
],
"x_capecAlignment": {
"capecId": "CAPEC-125",
"capecName": "Flooding / Malformed Packet",
"justification": "The attack leverages structurally malformed message payloads communicated over a trusted client/server connection interface to trigger unhandled parser logic, inducing an agent process crash (Denial of Service)."
},
"x_generator": {
"engine": "Vulnogram"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-5089",
"datePublished": "2026-06-05T15:44:45.822Z",
"dateReserved": "2025-05-22T16:26:45.461Z",
"dateUpdated": "2026-06-05T15:44:45.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8873 (GCVE-0-2025-8873)
Vulnerability from cvelistv5 – Published: 2026-06-04 23:04 – Updated: 2026-06-05 18:31
VLAI
Title
Arista EOS Dataplane Denial of Service via Malformed IPsec Packet
Summary
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0M , ≤ 4.33.4M
(custom)
Affected: 4.32.0M , ≤ 4.32.6.1M (custom) Affected: 4.31.0M , ≤ 4.31.7.1M (custom) Affected: 4.30.0M , ≤ 4.30.10M (custom) Affected: 4.29.0M , ≤ 4.29.10.1M (custom) |
Date Public
2026-06-04 22:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:31:22.291972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:31:35.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7020SRG Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.6.1M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.7.1M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.10M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.10.1M",
"status": "affected",
"version": "4.29.0M",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8873, the following condition must be met: IPsec must be configured:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eswitch\u0026gt;show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel Source Dest Status Uptime Input Output Rekey Time\nTunnel8 10.0.0.1 10.0.0.2 Established 1 minute 0 bytes 0 bytes 54 minutes 30 pkts 30 pkts.\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf IPsec is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eswitch\u0026gt;show ip security connection\nLegend: (P) policy based VPN tunnel.\u003c/code\u003e\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8873, the following condition must be met: IPsec must be configured:\n\n\n\n\nswitch\u003eshow ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel Source Dest Status Uptime Input Output Rekey Time\nTunnel8 10.0.0.1 10.0.0.2 Established 1 minute 0 bytes 0 bytes 54 minutes 30 pkts 30 pkts.\n\n\n\n\nIf IPsec is not configured there is no exposure to this issue and the message will look like:\n\n\n\n\nswitch\u003eshow ip security connection\nLegend: (P) policy based VPN tunnel."
}
],
"datePublic": "2026-06-04T22:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T23:04:56.535Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22869-security-advisory-0127"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8873 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.7M and later releases in the 4.32.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAfter upgrading to a remediated version of software, the system TCAM profile must be changed to ipsec-egress-padding-removal:\u0026nbsp;\u003ca href=\"https://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal\" target=\"_blank\" rel=\"noopener noreferrer\"\u003ehttps://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis may momentarily impact traffic. Apply the configuration found at the url to create a TCAM profile and then apply the TCAM profile as shown below.\u003c/p\u003e\u003cpre\u003eswitch(config)#hardware tcam\nswitch(config-tcam)#system profile ipsec-egress-padding-removal\n!\nWARNING!\nChanging TCAM profile will cause forwarding agent(s) to exit and restart.\nAll traffic through the forwarding chip managed by the restarting\nforwarding agent will be dropped.\n \nProceed [y/n]y\nswitch(config-tcam)#\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo ensure the TCAM profile has been applied, run the following command and verify the Configuration and Status values match\u0026nbsp;\u003cb\u003eipsec-egress-padding-removal\u003c/b\u003e:\u003c/p\u003e\u003cpre\u003eswitch(config-tcam)#show hardware tcam profile\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Configuration\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\nFixedSystem\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ipsec-egress-padding-removal \nipsec-egress-padding-removal\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u2018\u003cb\u003eipsec-egress-padding-removal\u003c/b\u003e\u2019 differs from the \u2018\u003cb\u003eipsec\u003c/b\u003e\u2019 TCAM profile in two ways:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEgress IP ACLs are disabled\u003c/li\u003e\u003cli\u003eFixes for BUG603398 and BUG1246592 are applied\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u00a0 https://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal .\n\n\n\nThis may momentarily impact traffic. Apply the configuration found at the url to create a TCAM profile and then apply the TCAM profile as shown below.\n\n\n\nswitch(config)#hardware tcam\nswitch(config-tcam)#system profile ipsec-egress-padding-removal\n!\nWARNING!\nChanging TCAM profile will cause forwarding agent(s) to exit and restart.\nAll traffic through the forwarding chip managed by the restarting\nforwarding agent will be dropped.\n \nProceed [y/n]y\nswitch(config-tcam)#\n\n\n\u00a0\n\n\n\nTo ensure the TCAM profile has been applied, run the following command and verify the Configuration and Status values match\u00a0ipsec-egress-padding-removal:\n\n\n\nswitch(config-tcam)#show hardware tcam profile\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Configuration\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\nFixedSystem\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ipsec-egress-padding-removal \nipsec-egress-padding-removal\n\n\n\u00a0\n\n\n\n\u2018ipsec-egress-padding-removal\u2019 differs from the \u2018ipsec\u2019 TCAM profile in two ways:\n\n * Egress IP ACLs are disabled\n * Fixes for BUG603398 and BUG1246592 are applied"
}
],
"source": {
"advisory": "127",
"defect": [
"BUG 1246592"
],
"discovery": "EXTERNAL"
},
"title": "Arista EOS Dataplane Denial of Service via Malformed IPsec Packet",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no mitigations for this vulnerability.\u003c/p\u003e"
}
],
"value": "There are no mitigations for this vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8873",
"datePublished": "2026-06-04T23:04:56.535Z",
"dateReserved": "2025-08-11T18:28:43.460Z",
"dateUpdated": "2026-06-05T18:31:35.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5502 (GCVE-0-2023-5502)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:39 – Updated: 2026-06-05 18:30
VLAI
Title
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.
Summary
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.31.0 , ≤ 4.31.0F
(custom)
Affected: 4.30.0 , ≤ 4.30.4M (custom) Affected: 4.29.0 , ≤ 4.29.6M (custom) Affected: 4.28.0 , ≤ 4.28.8M (custom) Affected: 4.27.0 , ≤ 4.27.11M (custom) Affected: 4.26.0 , ≤ 4.26.11M (custom) Affected: 4.25.0 , ≤ 4.25.11M (custom) Affected: 4.24.0 , ≤ 4.24.11M (custom) |
Date Public
2024-05-21 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:30:41.122247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:30:54.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7020R Series",
"7280R/R2 Series",
"7500R/R2 Series",
"7280E Series",
"7500E Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.31.0F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.4M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.6M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.8M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.11M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.11M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.11M",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2023-5502, either of the following configuration conditions must be met:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCondition 1: Dot1x authentication must be configured:\u003c/strong\u003e\u003c/p\u003e\u003cpre\u003edot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n !! One of the two configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\u003c/pre\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eCondition 2: 802.1x configured in any host mode with MBA:\u003c/strong\u003e\u003c/p\u003e\u003cpre\u003edot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n dot1x mac based authentication\n !! One of the three configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\n dot1x host-mode multi-host\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2023-5502, either of the following configuration conditions must be met:\n\nCondition 1: Dot1x authentication must be configured:\n\ndot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n !! One of the two configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing\n\nCondition 2: 802.1x configured in any host mode with MBA:\n\ndot1x system-auth-control\ninterface Ethernet1\n dot1x pae authenticator\n dot1x port-control auto\n dot1x mac based authentication\n !! One of the three configuration lines below MUST be set\n dot1x host-mode single-host\n dot1x host-mode multi-host authenticated\n dot1x host-mode multi-host\ninterface Vlan100\n ip address 1.1.1.1/24\n ip routing"
}
],
"datePublic": "2024-05-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eOn affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:39:34.101Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19462-security-advisory-0096"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2023-5502 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.0F and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.3M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.5M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.7M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Products 7280E and 7500E are EOL, and there are no released versions of EOS which fix the issue on those platforms.\u003c/p\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-5502 has been fixed in the following releases:\n * 4.32.0F and later releases in the 4.32.x train\n * 4.31.3M and later releases in the 4.31.x train\n * 4.30.5M and later releases in the 4.30.x train\n * 4.29.7M and later releases in the 4.29.x train\n\nNote: Products 7280E and 7500E are EOL, and there are no released versions of EOS which fix the issue on those platforms."
}
],
"source": {
"advisory": "0096",
"defect": [
"BUG 862986"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, a malicious supplicant may bypass authentication.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMitigation of this vulnerability requires disabling dot1x. Dot1x can be disabled globally using the following command:\u003c/p\u003e\u003cpre\u003eno dot1x system-auth-control\u003c/pre\u003e"
}
],
"value": "Mitigation of this vulnerability requires disabling dot1x. Dot1x can be disabled globally using the following command:\n\nno dot1x system-auth-control"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-5502",
"datePublished": "2026-06-04T22:39:34.101Z",
"dateReserved": "2023-10-10T15:58:04.589Z",
"dateUpdated": "2026-06-05T18:30:54.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27892 (GCVE-0-2024-27892)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:33 – Updated: 2026-06-05 18:30
VLAI
Title
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Summary
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.31.0 , ≤ 4.31.2F
(custom)
Affected: 4.30.0 , ≤ 4.30.5M (custom) Affected: 4.29.0 , ≤ 4.29.7M (custom) Affected: 4.28.0 , ≤ 4.28.10M (custom) Affected: 4.27.0 , ≤ 4.27.8M (custom) Affected: 4.26.0 , ≤ 4.26.9M (custom) Affected: 4.25.0 , ≤ 4.25.10M (custom) Affected: 4.24.0 , ≤ 4.24.11M (custom) |
Date Public
2024-07-02 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:30:07.883215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:30:17.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710 Series",
"720D Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7800R3 Series",
"CloudEOS",
"cEOS-lab",
"vEOS-lab",
"AWE 5000 Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.31.2F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.5M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.7M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.10M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.8M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.9M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.10M",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-27892, the only condition is that OpenConfig must be enabled with an SSL profile:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: profile-name\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\u003c/pre\u003e\u003cbr\u003e\u003cp\u003eIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: no transports enabled\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-27892, the only condition is that OpenConfig must be enabled with an SSL profile:\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: profile-name\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\nIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled"
}
],
"datePublic": "2024-07-02T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAffected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:33:15.792Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27892 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.31.3M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.6M and later release in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27892 has been fixed in the following releases:\n * 4.31.3M and later releases in the 4.31.x train\n * 4.30.6M and later release in the 4.30.x train\n * 4.29.8M and later releases in the 4.29.x train\n * 4.28.11M and later releases in the 4.28.x train"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following hotfix can be applied to remediate CVE-2024-27892. The hotfix only applies to the releases listed below and no other releases.\u003c/p\u003e\u003cp\u003eNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\u003c/p\u003eEOS Versions 4.30.5\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.29.7\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003ed6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.28.10.1\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e"
}
],
"value": "The following hotfix can be applied to remediate CVE-2024-27892. The hotfix only applies to the releases listed below and no other releases.\n\n\n\nNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\n\nEOS Versions 4.30.5\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\n\n\u00a0\n\nEOS Versions 4.29.7\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\nd6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\n\n\u00a0\n\nEOS Versions 4.28.10.1\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\n\n\u00a0\n\n\n\nFor instructions on installation and verification of the hotfix patch, refer to the\u00a0 \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019."
}
],
"source": {
"advisory": "0099",
"defect": [
"BUG 912475"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable gNMI Set requests. This can be done by applying per RPC authorization and ensuring no user is authorized to run the OpenConfig.Set command.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi transport grpc default authorization requests\u003c/pre\u003e\u003cp\u003eAlternatively, TLS can be disabled:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no ssl profile\u003c/pre\u003e\u003cp\u003eAlternatively, the OpenConfig agent can be disabled entirely:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003c/pre\u003e"
}
],
"value": "The workaround is to disable gNMI Set requests. This can be done by applying per RPC authorization and ensuring no user is authorized to run the OpenConfig.Set command.\n\nswitch(config-gnmi-transport-default)#show management api gnmi transport grpc default authorization requests\n\nAlternatively, TLS can be disabled:\n\nswitch(config-gnmi-transport-default)#no ssl profile\n\nAlternatively, the OpenConfig agent can be disabled entirely:\n\nswitch(config-gnmi-transport-default)#no management api gnmi"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-27892",
"datePublished": "2026-06-04T22:33:15.792Z",
"dateReserved": "2024-02-26T18:06:32.161Z",
"dateUpdated": "2026-06-05T18:30:17.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27890 (GCVE-0-2024-27890)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:27 – Updated: 2026-06-05 18:29
VLAI
Title
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).
Summary
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.29.0 , ≤ 4.29.7M
(custom)
Affected: 4.28.0 , ≤ 4.28.10M (custom) Affected: 4.27.0 , ≤ 4.27.8M (custom) Affected: 4.26.0 , ≤ 4.26.9M (custom) Affected: 4.25.0 , ≤ 4.25.10M (custom) Affected: 4.24.0 , ≤ 4.24.11M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:29:18.470860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:29:28.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710 Series",
"720D Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7800R3 Series",
"CloudEOS",
"cEOS-lab",
"vEOS-lab",
"AWE 5000 Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.7M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.10M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.8M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.9M",
"status": "affected",
"version": "4.26.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.25.10M",
"status": "affected",
"version": "4.25.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.24.11M",
"status": "affected",
"version": "4.24.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\u003c/pre\u003e\u003cbr\u003e\u003cp\u003eIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: no transports enabled\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\nIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eAffected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:27:36.610Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27890 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.0M and onwards\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27890 has been fixed in the following releases:\n * 4.30.0M and onwards\n * 4.29.8M and later releases in the 4.29.x train\n * 4.28.11M and later releases in the 4.28.x train"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\u003c/p\u003e\u003cp\u003eNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\u003c/p\u003eEOS Versions 4.30.5\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.29.7\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003ed6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.28.10.1\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e"
}
],
"value": "The following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\n\n\n\nNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\n\nEOS Versions 4.30.5\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\n\n\u00a0\n\nEOS Versions 4.29.7\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\nd6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\n\n\u00a0\n\nEOS Versions 4.28.10.1\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\n\n\u00a0\n\n\n\nFor instructions on installation and verification of the hotfix patch, refer to the\u00a0 \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019."
}
],
"source": {
"advisory": "0099",
"defect": [
"BUG 747512"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAlternatively for both, the OpenConfig agent can be disabled.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003c/pre\u003e\u003c/pre\u003e"
}
],
"value": "The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi\n\n\n\n\n\n\n\nAlternatively for both, the OpenConfig agent can be disabled.\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi"
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-27890",
"datePublished": "2026-06-04T22:27:36.610Z",
"dateReserved": "2024-02-26T18:06:32.160Z",
"dateUpdated": "2026-06-05T18:29:28.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27891 (GCVE-0-2024-27891)
Vulnerability from cvelistv5 – Published: 2026-06-04 22:08 – Updated: 2026-06-05 18:28
VLAI
Title
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.
Summary
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.32.0 , ≤ 4.32.0.1F
(custom)
Affected: 4.31.0 , ≤ 4.31.2F (custom) Affected: 4.30.0 , ≤ 4.30.6M (custom) Affected: 4.29.0 , ≤ 4.29.7M (custom) Affected: 4.28.0 , ≤ 4.28.10.1M (custom) Affected: 4.27.2F , < 4.28.0 (custom) |
Date Public
2024-07-23 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:28:35.666431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:28:50.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"722XPM Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.0.1F",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.2F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.6M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.7M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.10.1M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThan": "4.28.0",
"status": "affected",
"version": "4.27.2F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-27891, multiple specific conditions must be met. Both MACsec and egress ACLs must be configured and active on the same interface as the minimum requirements for this issue to be exposed. Please review the following sections to identify if your organization is affected.\u003c/p\u003e\u003col\u003e\u003cli\u003eMACsec must be configured:\u003cbr\u003e\u003cpre\u003eswitch\u0026gt;show mac security status\nAdministrative State: \u0026nbsp; \u0026nbsp; enabled\nActive Profiles:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 1\nData Delay Protection:\u0026nbsp; \u0026nbsp; no\nEAPoL Destination MAC:\u0026nbsp; \u0026nbsp; 0180.c200.0003\nFIPS Mode:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; no\nSecured Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; 54\nLicense:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; enabled\n\u003c/pre\u003e\u003cp\u003e\u003cb\u003eNote:\u003c/b\u003e\u0026nbsp;active profiles is not 0, and number of secured interfaces is not 0\u003c/p\u003e\u003cdiv\u003eIf MACsec is not configured there is no exposure to this issue and the message will include 0 Active Profiles, and 0 Secured Interfaces.\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show mac security status\nAdministrative State: \u0026nbsp; \u0026nbsp; enabled\nActive Profiles:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\nData Delay Protection:\u0026nbsp; \u0026nbsp; no\nEAPoL Destination MAC:\u0026nbsp; \u0026nbsp; 0180.c200.0003\nFIPS Mode:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; no\nSecured Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; 0\nLicense:\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; disabled (Hardware license not enabled)\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eAccess Control Lists (ACLs) must be configured for outbound packets:\u003cbr\u003e\u003cpre\u003eswitch#show running-config | section access-list\nipv6 access-list testIp6Acl\nip access-list testIpAcl\nmac access-list testMacAcl\n \nswitch#show running-config | section access-group\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n\u003c/pre\u003e\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-27891, multiple specific conditions must be met. Both MACsec and egress ACLs must be configured and active on the same interface as the minimum requirements for this issue to be exposed. Please review the following sections to identify if your organization is affected.\n\n * MACsec must be configured:\n\n\nswitch\u003eshow mac security status\nAdministrative State: \u00a0 \u00a0 enabled\nActive Profiles:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1\nData Delay Protection:\u00a0 \u00a0 no\nEAPoL Destination MAC:\u00a0 \u00a0 0180.c200.0003\nFIPS Mode:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 no\nSecured Interfaces: \u00a0 \u00a0 \u00a0 54\nLicense:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 enabled\n\n\n\n\nNote:\u00a0active profiles is not 0, and number of secured interfaces is not 0\n\nIf MACsec is not configured there is no exposure to this issue and the message will include 0 Active Profiles, and 0 Secured Interfaces.\n\n\n\nswitch\u003eshow mac security status\nAdministrative State: \u00a0 \u00a0 enabled\nActive Profiles:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0\nData Delay Protection:\u00a0 \u00a0 no\nEAPoL Destination MAC:\u00a0 \u00a0 0180.c200.0003\nFIPS Mode:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 no\nSecured Interfaces: \u00a0 \u00a0 \u00a0 0\nLicense:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 disabled (Hardware license not enabled)\n\n\n\u00a0\n\n\n * Access Control Lists (ACLs) must be configured for outbound packets:\n\n\nswitch#show running-config | section access-list\nipv6 access-list testIp6Acl\nip access-list testIpAcl\nmac access-list testMacAcl\n \nswitch#show running-config | section access-group\ninterface Ethernet1\n\u00a0\u00a0\u00a0ip access-group testIpAcl out"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe total number of ACLs configured must be any of the following:\u003c/div\u003e\u003col\u003e\u003cli\u003eMore than 3 MAC ACLs, or\u003c/li\u003e\u003cli\u003eMore than 7 IPv4 ACLs, or\u003c/li\u003e\u003cli\u003eMore than 3 IPv6 ACLs\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf for each ACL type in use, there are less than the above corresponding number configured there is no exposure to this issue.\u003c/p\u003e\u003cdiv\u003eIf ACLs are not configured for outbound packets there is no exposure to this issue and the message will look like:\u003c/div\u003e\u003cpre\u003e! Notice no output below, indicating no ACLs configured\n! or notice ACLs are applied as \u201cin\u201d only.\nswitch#show running-config | section access-list\nswitch#\nswitch#show running-config | section access-group\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf no interfaces which have ACLs configured for outbound packets have MACsec configured, there is no exposure to this issue.\u003c/p\u003e\u003cp\u003eNote that interface types such as Vlan interfaces, or Port-Channel interfaces may have none, one or multiple physical interfaces.\u003c/p\u003e\u003cp\u003eTo check for MACsec configuration, first resolve the access-group configured interfaces to a list of all Ethernet physical interfaces.\u003c/p\u003e\u003cp\u003eIn the example below, there is an ACL applied to Port-Channel1 (Ethernet1, Ethernet5), Vlan613 (Ethernet2, Ethernet4) and Ethernet3. Therefore Ethernet1-5 should be checked to see if MACsec is enabled.\u003c/p\u003e\u003cpre\u003eswitch#show running-config | section access-group\ninterface Port-Channel1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\ninterface Vlan613\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n \nswitch\u0026gt;show port-channel 1 brief\nPort Channel Port-Channel1:\n\u0026nbsp;\u0026nbsp;Active Ports: Ethernet1 Ethernet5\n \nswitch\u0026gt;show vlan 613\nVLAN\u0026nbsp; Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\u0026nbsp; \u0026nbsp; Ports\n----- -------------------------------- --------- -------------------------------\n613 \u0026nbsp; VLAN0613 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active\u0026nbsp; \u0026nbsp; Cpu, Et2, Et4\n \nswitch\u0026gt;show mac security interface Ethernet1-5\nInterface \u0026nbsp; \u0026nbsp; \u0026nbsp; SCI \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Controlled Port\u0026nbsp; \u0026nbsp; \u0026nbsp; Key in Use\nEthernet1 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00:00:00:00::0\u0026nbsp; \u0026nbsp; \u0026nbsp; False\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; None\nEthernet5 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\n\u003c/pre\u003e\u003cp\u003eIn the above example Ethernet1 and Ethernet5 have MACsec enabled.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The total number of ACLs configured must be any of the following:\n\n * More than 3 MAC ACLs, or\n * More than 7 IPv4 ACLs, or\n * More than 3 IPv6 ACLs\n\n\nIf for each ACL type in use, there are less than the above corresponding number configured there is no exposure to this issue.\n\nIf ACLs are not configured for outbound packets there is no exposure to this issue and the message will look like:\n\n\n\n! Notice no output below, indicating no ACLs configured\n! or notice ACLs are applied as \u201cin\u201d only.\nswitch#show running-config | section access-list\nswitch#\nswitch#show running-config | section access-group\ninterface Ethernet1\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\n\n\n\u00a0\n\n\n\nIf no interfaces which have ACLs configured for outbound packets have MACsec configured, there is no exposure to this issue.\n\n\n\nNote that interface types such as Vlan interfaces, or Port-Channel interfaces may have none, one or multiple physical interfaces.\n\n\n\nTo check for MACsec configuration, first resolve the access-group configured interfaces to a list of all Ethernet physical interfaces.\n\n\n\nIn the example below, there is an ACL applied to Port-Channel1 (Ethernet1, Ethernet5), Vlan613 (Ethernet2, Ethernet4) and Ethernet3. Therefore Ethernet1-5 should be checked to see if MACsec is enabled.\n\n\n\nswitch#show running-config | section access-group\ninterface Port-Channel1\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\ninterface Vlan613\n\u00a0\u00a0\u00a0ip access-group testIpAcl out\n \nswitch\u003eshow port-channel 1 brief\nPort Channel Port-Channel1:\n\u00a0\u00a0Active Ports: Ethernet1 Ethernet5\n \nswitch\u003eshow vlan 613\nVLAN\u00a0 Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\u00a0 \u00a0 Ports\n----- -------------------------------- --------- -------------------------------\n613 \u00a0 VLAN0613 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active\u00a0 \u00a0 Cpu, Et2, Et4\n \nswitch\u003eshow mac security interface Ethernet1-5\nInterface \u00a0 \u00a0 \u00a0 SCI \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Controlled Port\u00a0 \u00a0 \u00a0 Key in Use\nEthernet1 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet2 \u00a0 \u00a0 \u00a0 00:00:00:00:00:00::0\u00a0 \u00a0 \u00a0 False\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 None\nEthernet5 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\n\n\n\n\nIn the above example Ethernet1 and Ethernet5 have MACsec enabled."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the example below, there are more than 3 IPv6 ACLs applied for outbound packets. All physical interfaces that are MACsec enabled, and have an IPv6 ACL applied for outbound packets, are exposed to this issue.\u003c/p\u003e\u003cpre\u003eswitch#show running-config | section access-group\ninterface Port-Channel1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl in\ninterface Ethernet45\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl2 out\ninterface Ethernet46\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl3 out\ninterface Ethernet47\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ipv6 access-group testIp6Acl4 out\ninterface Vlan613\n\u0026nbsp;\u0026nbsp;\u0026nbsp;ip access-group testIpAcl out\n \nswitch\u0026gt;show port-channel 1 brief\nPort Channel Port-Channel1:\n\u0026nbsp;\u0026nbsp;Active Ports: Ethernet1 Ethernet5\n \nswitch\u0026gt;show vlan 613\nVLAN\u0026nbsp; Name \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\u0026nbsp; \u0026nbsp; Ports\n----- -------------------------------- --------- -------------------------------\n613 \u0026nbsp; VLAN0613 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; active\u0026nbsp; \u0026nbsp; Cpu, Et2, Et4\n \nswitch\u0026gt;show mac security interface Ethernet1-$ | grep True\nEthernet1 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet2 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet5 \u0026nbsp; \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\nEthernet45 \u0026nbsp; \u0026nbsp; 12:15:35:24:c0:89::24193\u0026nbsp; True\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; static SAK: Tx AN: 2\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003e\u003cb\u003eInterface\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003e\u201cOut\u201d ACL\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eMinimum ACL count met\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eMACsec enabled\u003c/b\u003e\u003c/th\u003e\u003cth\u003e\u003cb\u003eAffected\u003c/b\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eEt1\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt2\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt3\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt4\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo (only one IPv4 ACL)\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt5\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt45\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt46\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eEt47\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIn the above example and table:\u003c/div\u003e\u003cul\u003e\u003cli\u003eEthernet46 and Ethernet47 are not exposed to this issue, because they are not MACsec enabled.\u003c/li\u003e\u003cli\u003eEthernet2, Ethernet3, and Ethernet4 are not exposed to this issue because there is only one IPv4 ACL group, which is less than the required number to be exposed for that ACL type.\u003c/li\u003e\u003cli\u003eEthernet3 is also not affected because the ACL is for incoming packets.\u003c/li\u003e\u003cli\u003eEthernet1, Ethernet5, and Ethernet45 are affected by this issue because they meet the conditions required.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "In the example below, there are more than 3 IPv6 ACLs applied for outbound packets. All physical interfaces that are MACsec enabled, and have an IPv6 ACL applied for outbound packets, are exposed to this issue.\n\n\n\nswitch#show running-config | section access-group\ninterface Port-Channel1\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl out\ninterface Ethernet3\n\u00a0\u00a0\u00a0ip access-group testIpAcl in\ninterface Ethernet45\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl2 out\ninterface Ethernet46\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl3 out\ninterface Ethernet47\n\u00a0\u00a0\u00a0ipv6 access-group testIp6Acl4 out\ninterface Vlan613\n\u00a0\u00a0\u00a0ip access-group testIpAcl out\n \nswitch\u003eshow port-channel 1 brief\nPort Channel Port-Channel1:\n\u00a0\u00a0Active Ports: Ethernet1 Ethernet5\n \nswitch\u003eshow vlan 613\nVLAN\u00a0 Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\u00a0 \u00a0 Ports\n----- -------------------------------- --------- -------------------------------\n613 \u00a0 VLAN0613 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 active\u00a0 \u00a0 Cpu, Et2, Et4\n \nswitch\u003eshow mac security interface Ethernet1-$ | grep True\nEthernet1 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet2 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet5 \u00a0 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\nEthernet45 \u00a0 \u00a0 12:15:35:24:c0:89::24193\u00a0 True\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 static SAK: Tx AN: 2\n\n\n\u00a0\n\nInterface\u201cOut\u201d ACLMinimum ACL count metMACsec enabledAffectedEt1YesYesYesYesEt2YesNo (only one IPv4 ACL)YesNoEt3NoNo (only one IPv4 ACL)NoNoEt4YesNo (only one IPv4 ACL)NoNoEt5YesYesYesYesEt45YesYesYesYesEt46YesYesNoNoEt47YesYesNoNo\n\n\u00a0\n\nIn the above example and table:\n\n * Ethernet46 and Ethernet47 are not exposed to this issue, because they are not MACsec enabled.\n * Ethernet2, Ethernet3, and Ethernet4 are not exposed to this issue because there is only one IPv4 ACL group, which is less than the required number to be exposed for that ACL type.\n * Ethernet3 is also not affected because the ACL is for incoming packets.\n * Ethernet1, Ethernet5, and Ethernet45 are affected by this issue because they meet the conditions required."
}
],
"datePublic": "2024-07-23T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan\u003eOn affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T22:08:42.522Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19908-security-advisory-0102"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27891 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.32.1F and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.3M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.7M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27891 has been fixed in the following releases:\n\n * 4.32.1F and later releases in the 4.32.x train \n * 4.31.3M and later releases in the 4.31.x train\n * 4.30.7M and later releases in the 4.30.x train\n * 4.29.8M and later releases in the 4.29.x train\n * 4.28.11M and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "102",
"defect": [
"BUG 906098"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable MACsec on interfaces with outbound packet ACLs, or to use inbound packet ACLs where possible. Note that ingress ACLs might need to be applied to a different set of interfaces or to other devices in the network.\u003c/p\u003e\u003cpre\u003eswitch#configure\u003cbr\u003eswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#no mac security profile\n \n! or remove/replace the `out` ACL\n! Note that you may wish to apply `in` ACLs to a different set of\n! interfaces than `out` ACLs were applied to.\n \nswitch#configure\u003cbr\u003eswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#mac access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#ip access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#ipv6 access-group \u0026lt;ACL name\u0026gt; in\nswitch(config-if-Et1)#no mac access-group out\nswitch(config-if-Et1)#no ip access-group out\nswitch(config-if-Et1)#no ipv6 access-group out\n\u003c/pre\u003e\u003cp\u003eFor more information about ACLs see\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-acls-and-route-maps\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: ACLs and Route Maps\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "The workaround is to disable MACsec on interfaces with outbound packet ACLs, or to use inbound packet ACLs where possible. Note that ingress ACLs might need to be applied to a different set of interfaces or to other devices in the network.\n\n\n\nswitch#configure\nswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#no mac security profile\n \n! or remove/replace the `out` ACL\n! Note that you may wish to apply `in` ACLs to a different set of\n! interfaces than `out` ACLs were applied to.\n \nswitch#configure\nswitch(config)#interface Ethernet1\nswitch(config-if-Et1)#mac access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#ip access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#ipv6 access-group \u003cACL name\u003e in\nswitch(config-if-Et1)#no mac access-group out\nswitch(config-if-Et1)#no ip access-group out\nswitch(config-if-Et1)#no ipv6 access-group out\n\n\n\n\nFor more information about ACLs see\u00a0 EOS User Manual: ACLs and Route Maps https://www.arista.com/en/um-eos/eos-acls-and-route-maps ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-27891",
"datePublished": "2026-06-04T22:08:42.522Z",
"dateReserved": "2024-02-26T18:06:32.161Z",
"dateUpdated": "2026-06-05T18:28:50.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6858 (GCVE-0-2024-6858)
Vulnerability from cvelistv5 – Published: 2026-06-04 21:51 – Updated: 2026-06-05 20:13
VLAI
Title
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Summary
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper validation of specified type of input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.31.0 , ≤ 4.31.1F
(custom)
Affected: 4.30.0 , ≤ 4.30.5M (custom) Affected: 4.29.0 , ≤ 4.29.7M (custom) Affected: 4.28.10 , ≤ 4.28.10.1M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T20:13:55.762154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T20:13:59.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"720D Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7800R3 Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.31.1F",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.5M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.7M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.10.1M",
"status": "affected",
"version": "4.28.10",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-6858, the following conditions must be met:\u003c/p\u003e\u003cp\u003e(1) dot1x should be configured on port as authenticator and port-control is auto mode and hostMode is multi-host. Please note the default host-mode is multi-host.\u003c/p\u003e\u003cpre\u003eswitch(config-if-et1)#show active\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x pae authenticator\u003cbr\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x port-control auto\u003cbr\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x host-mode multi-host\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cp\u003eAND\u003cbr\u003e(2) Fallback VLAN should be configured on port. Fallback VLAN can be configured in any of the following ways listed below;\u003c/p\u003e\u003cp\u003e(2-a) Global Configuration for unresponsive VLAN.\u003c/p\u003e\u003cpre\u003eswitch(config-dot1x)#show active\ndot1x\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;aaa unresponsive action traffic allow vlan \u0026lt;vlan-id\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n \nOR\n \nswitch(config-dot1x)#show active\ndot1x\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;aaa unresponsive action traffic allow\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eOR\u003cbr\u003e(2-b) Global Configuration for unresponsive phone VLAN.\u003c/div\u003e\u003cpre\u003eswitch(config-dot1x)#show active\ndot1x\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;aaa unresponsive phone action traffic allow\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eOR\u003cbr\u003e(2-c) Global Configuration for guest VLAN.\u003c/div\u003e\u003cpre\u003eswitch(config-dot1x)#show active\ndot1x\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;eapol unresponsive action traffic allow vlan \u0026lt;vlan-id\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eOR\u003cbr\u003e(2-d) Authentication failure VLAN configured on port.\u003c/div\u003e\u003cpre\u003eswitch(config-if-et1)#show active\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x authentication failure action traffic allow vlan \u0026lt;vlan_id\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eOR\u003cbr\u003e(2-e) Unresponsive VLAN configured on port.\u003c/div\u003e\u003cpre\u003eswitch(config-if-et1)#show active\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x aaa unresponsive action traffic allow vlan \u0026lt;vlan_id\u0026gt;\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eOR\u003cbr\u003e(2-f) Unresponsive phone VLAN configured on port.\u003c/div\u003e\u003cpre\u003eswitch(config-if-et1)#show active\ninterface Ethernet1\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\n\u0026nbsp;\u0026nbsp;\u0026nbsp;dot1x aaa unresponsive phone action traffic allow\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u2026\u2026\u2026\u2026\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-6858, the following conditions must be met:\n\n\n\n(1) dot1x should be configured on port as authenticator and port-control is auto mode and hostMode is multi-host. Please note the default host-mode is multi-host.\n\n\n\nswitch(config-if-et1)#show active\ninterface Ethernet1\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0dot1x pae authenticator\n\n\u00a0\u00a0\u00a0dot1x port-control auto\n\n\u00a0\u00a0\u00a0dot1x host-mode multi-host\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\n\nAND\n(2) Fallback VLAN should be configured on port. Fallback VLAN can be configured in any of the following ways listed below;\n\n\n\n(2-a) Global Configuration for unresponsive VLAN.\n\n\n\nswitch(config-dot1x)#show active\ndot1x\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0aaa unresponsive action traffic allow vlan \u003cvlan-id\u003e\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n \nOR\n \nswitch(config-dot1x)#show active\ndot1x\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0aaa unresponsive action traffic allow\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\u00a0\n\nOR\n(2-b) Global Configuration for unresponsive phone VLAN.\n\n\n\nswitch(config-dot1x)#show active\ndot1x\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0aaa unresponsive phone action traffic allow\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\u00a0\n\nOR\n(2-c) Global Configuration for guest VLAN.\n\n\n\nswitch(config-dot1x)#show active\ndot1x\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0eapol unresponsive action traffic allow vlan \u003cvlan-id\u003e\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\u00a0\n\nOR\n(2-d) Authentication failure VLAN configured on port.\n\n\n\nswitch(config-if-et1)#show active\ninterface Ethernet1\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0dot1x authentication failure action traffic allow vlan \u003cvlan_id\u003e\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\u00a0\n\nOR\n(2-e) Unresponsive VLAN configured on port.\n\n\n\nswitch(config-if-et1)#show active\ninterface Ethernet1\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0dot1x aaa unresponsive action traffic allow vlan \u003cvlan_id\u003e\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\n\n\u00a0\n\nOR\n(2-f) Unresponsive phone VLAN configured on port.\n\n\n\nswitch(config-if-et1)#show active\ninterface Ethernet1\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026\n\u00a0\u00a0\u00a0dot1x aaa unresponsive phone action traffic allow\n\u00a0\u00a0\u00a0\u2026\u2026\u2026\u2026"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Arista\u2019s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN."
}
],
"value": "In Arista\u2019s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper validation of specified type of input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T21:51:08.709Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19917-security-advisory-0103"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-6858 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.31.2F and later releases in the 4.31.x train.\u003c/li\u003e\u003cli\u003e4.30.6M and later releases in the 4.30.x train.\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train.\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u00a0 EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-6858 has been fixed in the following releases:\n\n * 4.31.2F and later releases in the 4.31.x train.\n * 4.30.6M and later releases in the 4.30.x train.\n * 4.29.8M and later releases in the 4.29.x train.\n * 4.28.11M and later releases in the 4.28.x train."
}
],
"source": {
"advisory": "103",
"defect": [
"BUG 828435"
],
"discovery": "INTERNAL"
},
"title": "In Arista\u2019s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability arises when there is an EAPOL supplicant in any of the fallback VLAN\u2019s ( i.e. auth-fail, unresponsive VLAN ). If only unauthenticated EAPOL supplicants are expected the admin can change dot1x host-mode to single-host as indicated below.\u003c/p\u003e\u003cpre\u003eswitch(config-if-et1)#dot1x host-mode single-host\n\u003c/pre\u003e\u003cul\u003e\u003cli\u003eDot1x Host Mode\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003eSingle Host Mode: Please note when once the 802.1X supplicant is authenticated on the port, ONLY the traffic coming from the supplicant\u0027s MAC is allowed through the port.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eMulti-Host Mode: Once the 802.1X supplicant is authenticated on the port, traffic coming from ANY source MAC is allowed through the port.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003eMulti-Host authenticated Mode: Multiple 802.1X supplicants can be allowed and ONLY the traffic coming from all authenticated supplicant\u2019s MAC is allowed through the port.\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This vulnerability arises when there is an EAPOL supplicant in any of the fallback VLAN\u2019s ( i.e. auth-fail, unresponsive VLAN ). If only unauthenticated EAPOL supplicants are expected the admin can change dot1x host-mode to single-host as indicated below.\n\n\n\nswitch(config-if-et1)#dot1x host-mode single-host\n\n\n * Dot1x Host Mode\n * \n\nSingle Host Mode: Please note when once the 802.1X supplicant is authenticated on the port, ONLY the traffic coming from the supplicant\u0027s MAC is allowed through the port.\n\n\n * \n\nMulti-Host Mode: Once the 802.1X supplicant is authenticated on the port, traffic coming from ANY source MAC is allowed through the port.\n\n\n * \n\nMulti-Host authenticated Mode: Multiple 802.1X supplicants can be allowed and ONLY the traffic coming from all authenticated supplicant\u2019s MAC is allowed through the port."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-6858",
"datePublished": "2026-06-04T21:51:08.709Z",
"dateReserved": "2024-07-17T20:13:57.799Z",
"dateUpdated": "2026-06-05T20:13:59.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7048 (GCVE-0-2025-7048)
Vulnerability from cvelistv5 – Published: 2026-01-06 19:15 – Updated: 2026-01-06 19:44
VLAI
Title
On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o
Summary
On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.3.0 , ≤ 4.34.3.1M
(custom)
Affected: 4.33.0 , ≤ 4.33.5M (custom) Affected: 4.32.0 , ≤ 4.32.7M (custom) Affected: 4.31.0 , ≤ 4.31.9M (custom) Affected: 0 , < 4.30.0 (custom) |
Date Public
2025-12-30 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T19:44:06.659074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:44:20.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7500R/R2",
"7388-8D",
"7800/R3/R3A",
"722XPM",
"720XPM",
"750X",
"7050X3/X4",
"7170",
"7280R/R2/R3/R3A/R4",
"7289R3",
"cEOS-lab",
"vEOS-lab"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.3.1M",
"status": "affected",
"version": "4.34.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.5M",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.9M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThan": "4.30.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-7048, the following condition must be met:\u003c/p\u003e\u003cp\u003eMACsec must be configured with valid keys:\u003c/p\u003e\u003cpre\u003eswitch#show mac security participants\nInterface: EthernetX\n\u0026nbsp; \u0026nbsp; CKN: \u0026lt;ckn\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Key management role: \u0026lt;key-server-role\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Success: \u0026lt;success-status\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Principal: \u0026lt;principal-status\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Key type: \u0026lt;key-type\u0026gt;\n \nInterface: EthernetY\n\u0026nbsp; \u0026nbsp; CKN: \u0026lt;ckn\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Key management role: \u0026lt;key-server-role\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Success: \u0026lt;success-status\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Principal: \u0026lt;principal-status\u0026gt;\n\u0026nbsp; \u0026nbsp; \u0026nbsp; Key type: \u0026lt;key-type\u0026gt;\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\u003c/p\u003e\u003cpre\u003eswitch#show mac security participants\nswitch#\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-7048, the following condition must be met:\n\nMACsec must be configured with valid keys:\n\nswitch#show mac security participants\nInterface: EthernetX\n\u00a0 \u00a0 CKN: \u003cckn\u003e\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: \u003ckey-server-role\u003e\n\u00a0 \u00a0 \u00a0 Success: \u003csuccess-status\u003e\n\u00a0 \u00a0 \u00a0 Principal: \u003cprincipal-status\u003e\n\u00a0 \u00a0 \u00a0 Key type: \u003ckey-type\u003e\n \nInterface: EthernetY\n\u00a0 \u00a0 CKN: \u003cckn\u003e\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: \u003ckey-server-role\u003e\n\u00a0 \u00a0 \u00a0 Success: \u003csuccess-status\u003e\n\u00a0 \u00a0 \u00a0 Principal: \u003cprincipal-status\u003e\n\u00a0 \u00a0 \u00a0 Key type: \u003ckey-type\u003e\n\n\n\u00a0\n\nIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\n\nswitch#show mac security participants\nswitch#"
}
],
"datePublic": "2025-12-30T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T19:15:44.409Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-7048 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.35.0F and later releases\u003c/li\u003e\u003cli\u003e4.34.4M and later releases in the 4.34.x train \u003c/li\u003e\u003cli\u003e4.33.6M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.10M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-7048 has been fixed in the following releases:\n\n * 4.35.0F and later releases\n * 4.34.4M and later releases in the 4.34.x train \n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "132",
"defect": [
"BUG1203696",
"BUG1153233"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-7048",
"datePublished": "2026-01-06T19:15:44.409Z",
"dateReserved": "2025-07-03T15:30:22.152Z",
"dateUpdated": "2026-01-06T19:44:20.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8872 (GCVE-0-2025-8872)
Vulnerability from cvelistv5 – Published: 2025-12-16 19:32 – Updated: 2025-12-16 19:51
VLAI
Title
A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted
Summary
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.
This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.0 , ≤ 4.34.1F
(custom)
Affected: 4.33.0 , ≤ 4.33.4M (custom) Affected: 4.32.0 , ≤ 4.32.7M (custom) Affected: 4.31.0 , ≤ 4.31.8M (custom) Affected: 0 , ≤ 4.31.0 (custom) |
Date Public
2025-12-16 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:50:49.156832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:51:10.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710/710XP Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7700R4 Series",
"7800R3/R4 Series",
"AWE 5000 Series",
"AWE 7200R Series",
"CloudEOS",
"cEOS-lab",
"vEOS-lab",
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.8M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8872, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u0026gt;show ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 0\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\n \nswitch\u0026gt;show ospfv3 neighbor\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8872, the following condition must be met:\n\nThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\n\nswitch\u003eshow ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u003eshow ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 0\n\n\n\u00a0\n\nIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\n\nswitch\u003eshow ospfv3\n \nswitch\u003eshow ospfv3 neighbor"
}
],
"datePublic": "2025-12-16T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\u003c/p\u003e\u003cp\u003eThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:32:20.528Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nArista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-8872 has been fixed in the following releases:\n\n * 4.34.2F and later releases in the 4.34.x train\n * 4.33.5M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.9M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "128",
"defect": [
"BUG1203059"
],
"discovery": "INTERNAL"
},
"title": "A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround to mitigate the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no workaround to mitigate the issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8872",
"datePublished": "2025-12-16T19:32:20.528Z",
"dateReserved": "2025-08-11T18:18:36.004Z",
"dateUpdated": "2025-12-16T19:51:10.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8870 (GCVE-0-2025-8870)
Vulnerability from cvelistv5 – Published: 2025-11-14 15:57 – Updated: 2025-11-14 16:29
VLAI
Title
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
Summary
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153
Severity
4.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.2FX
(custom)
|
Date Public
2025-11-11 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8870",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T16:28:58.202689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:29:13.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710X Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.2FX",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevice must be using the Synopsys Designware serial model:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#bash dmesg | grep \"Synopsys DesignWare\"\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSynopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\n\n\n * An attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\n\n\nAND\n\n * Device must be using the Synopsys Designware serial model:\n\n\n\n#bash dmesg | grep \"Synopsys DesignWare\"\n\n[ \u00a0 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare\n\n[ \u00a0 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:eos:4.34.2fx:*:710x_series:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-11-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:57:04.673Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22811-security-advisory-0125"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2025-8870 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.35.0F and later releases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2025-8870 has been fixed in the following releases:\n\n * 4.35.0F and later releases"
}
],
"source": {
"defect": [
"1206724"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe mitigation is to limit access to the serial console.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The mitigation is to limit access to the serial console."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8870",
"datePublished": "2025-11-14T15:57:04.673Z",
"dateReserved": "2025-08-11T18:15:44.614Z",
"dateUpdated": "2025-11-14T16:29:13.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54549 (GCVE-0-2025-54549)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:55 – Updated: 2025-10-30 14:12
VLAI
Title
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Summary
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
Date Public
2025-10-22 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:12:50.353170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:12:59.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe operator must attempt to install a tampered software upgrade image.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The operator must attempt to install a tampered software upgrade image."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO"
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:55:54.433Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1121566",
"BSC-20815"
],
"discovery": "INTERNAL"
},
"title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA downloaded upgrade image can be manually checked against the hash values published on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/software-download\"\u003earista.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the published hash values do not match those of the image this is a potential indicator of compromise.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A downloaded upgrade image can be manually checked against the hash values published on arista.com https://www.arista.com/support/software-download .\nIf the published hash values do not match those of the image this is a potential indicator of compromise."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54549",
"datePublished": "2025-10-29T22:55:54.433Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:12:59.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54548 (GCVE-0-2025-54548)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:52 – Updated: 2025-10-30 14:15
VLAI
Title
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Summary
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
Date Public
2025-10-22 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:13:10.416471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:49.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)"
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:52:54.039Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1082430",
"BSC-20741"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any restricted users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any restricted users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54548",
"datePublished": "2025-10-29T22:52:54.039Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:49.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54547 (GCVE-0-2025-54547)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:45 – Updated: 2025-10-30 14:15
VLAI
Title
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Summary
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
Date Public
2025-10-22 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:13:17.500900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:29.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: The connecting SSH client must be configured to allow multiple sessions to be multiplexed onto the same SSH Connection (e.g., via the OpenSSH \u003c/span\u003e\u003cb\u003eControlMaster auto\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configuration or other equivalent configurations); The ControlMaster connection must be active; The attacker must have access to the ControlMaster socket on the client.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: The connecting SSH client must be configured to allow multiple sessions to be multiplexed onto the same SSH Connection (e.g., via the OpenSSH ControlMaster auto\u00a0configuration or other equivalent configurations); The ControlMaster connection must be active; The attacker must have access to the ControlMaster socket on the client."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired"
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:45:53.499Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084527",
"BSC-20748"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo known mitigation \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No known mitigation"
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54547",
"datePublished": "2025-10-29T22:45:53.499Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:29.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54546 (GCVE-0-2025-54546)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:40 – Updated: 2025-10-30 14:15
VLAI
Title
On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Summary
On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
Date Public
2025-10-22 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:14:21.419821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:10.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, restricted users could use SSH port forwarding to access host-internal services\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:40:57.833Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084523"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any restricted users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any restricted users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54546",
"datePublished": "2025-10-29T22:40:57.833Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54545 (GCVE-0-2025-54545)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:36 – Updated: 2025-10-30 14:14
VLAI
Title
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Summary
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
Date Public
2025-10-22 15:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:14:29.376193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:14:49.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS)."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "capec-233"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:36:24.379Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084524",
"BSC-20739"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any non-administrator users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any non-administrator users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54545",
"datePublished": "2025-10-29T22:36:24.379Z",
"dateReserved": "2025-07-24T18:47:24.386Z",
"dateUpdated": "2025-10-30T14:14:49.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6978 (GCVE-0-2025-6978)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:50 – Updated: 2025-10-23 18:58
VLAI
Title
Diagnostics command injection vulnerability
Summary
Diagnostics command injection vulnerability
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Date Public
2025-10-21 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:58:35.986380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:58:45.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e\u003c/h4\u003e\u003ch4\u003eCVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability\u003c/h4\u003e\u003cp\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA successful attack requires administrative access to the NGFW UI.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDiagnostics command injection vulnerability\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Diagnostics command injection vulnerability"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:50:14.706Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15195"
],
"discovery": "EXTERNAL"
},
"title": "Diagnostics command injection vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e\u003c/h4\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDo not allow non-authorized administrative access or access to the administrative browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Do not allow non-authorized administrative access or access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6978",
"datePublished": "2025-10-23T18:50:14.706Z",
"dateReserved": "2025-07-01T16:52:56.316Z",
"dateUpdated": "2025-10-23T18:58:45.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6979 (GCVE-0-2025-6979)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:46 – Updated: 2025-10-23 18:59
VLAI
Title
Captive Portal can allow authentication bypass
Summary
Captive Portal can allow authentication bypass
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Date Public
2025-10-21 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:59:26.677141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:59:32.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eCVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eNo evidence of compromise exists.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6979"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCaptive Portal can allow authentication bypass\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Captive Portal can allow authentication bypass"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:46:37.557Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15196"
],
"discovery": "EXTERNAL"
},
"title": "Captive Portal can allow authentication bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "MitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6979",
"datePublished": "2025-10-23T18:46:37.557Z",
"dateReserved": "2025-07-01T16:53:03.559Z",
"dateUpdated": "2025-10-23T18:59:32.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6980 (GCVE-0-2025-6980)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:41 – Updated: 2025-10-23 18:59
VLAI
Title
Captive Portal can expose sensitive information
Summary
Captive Portal can expose sensitive information
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Date Public
2025-10-21 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:59:53.166328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:59:58.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive information\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003cp\u003eThe above shows Captive Portal as enabled.\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cdiv\u003eNo evidence of compromise exists.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003e2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eNo evidence of compromise exists.\u003c/p\u003e\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"\u003e\u003c/p\u003e\u003ch4\u003e3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability\u003c/h4\u003e\u003cp\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA successful attack requires administrative access to the NGFW UI.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive informationRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nThe above shows Captive Portal as enabled.\n\nIndicators of CompromiseNo evidence of compromise exists.\n\n\u00a0\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n\u00a0\n\n2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists.\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCaptive Portal can expose sensitive information\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Captive Portal can expose sensitive information"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:41:47.326Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15197"
],
"discovery": "EXTERNAL"
},
"title": "Captive Portal can expose sensitive information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDo not allow non-authorized administrative access or access to the administrative browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Do not allow non-authorized administrative access or access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6980",
"datePublished": "2025-10-23T18:41:47.326Z",
"dateReserved": "2025-07-01T16:53:05.372Z",
"dateUpdated": "2025-10-23T18:59:58.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6188 (GCVE-0-2025-6188)
Vulnerability from cvelistv5 – Published: 2025-08-25 20:14 – Updated: 2025-08-27 14:53
VLAI
Title
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n
Summary
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- 288
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1F
(custom)
Affected: 4.33.1.0 , ≤ 4.33.1.2F (custom) Affected: 4.32.4.0 , ≤ 4.32.4.1M (custom) Affected: 4.31.0 , ≤ 4.31.6M (custom) Affected: 4.30.0 , ≤ 4.30.9.1M (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:56:57.303610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:53:30.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.1.2F",
"status": "affected",
"version": "4.33.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.4.1M",
"status": "affected",
"version": "4.32.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9.1M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEOS devices are vulnerable to CVE-2025-6188 by default, and no specific configuration is necessary.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "EOS devices are vulnerable to CVE-2025-6188 by default, and no specific configuration is necessary."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was discovered externally and responsibly reported to Arista by Chris Laffin of automattic.com."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-486",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-486 UDP Flood"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:14:23.427Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22021-security-advisory-0121"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-6188 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.0 and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.5 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.10 and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-6188 has been fixed in the following releases:\n\n * 4.34.0 and later releases in the 4.34.x train\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.5 and later releases in the 4.32.x train\n * 4.31.7 and later releases in the 4.31.x train\n * 4.30.10 and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "121",
"defect": [
"BUG 1008073"
],
"discovery": "EXTERNAL"
},
"title": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503.\u003c/p\u003e\u003cpre\u003eSwitch(config)#system control-plane\nSwitch(config-cp)#ip access-group my-custom-acl \n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor EOS versions more recent than 4.22.0, an \u2018mpls ping\u2019 service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL.\u003c/p\u003e\u003cp\u003eTake the following example, where the user applies service ACL \u2018Foo\u2019 that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else.\u003c/p\u003e\u003cpre\u003eSwitch(config)#ip access-list Foo\nSwitch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any\nSwitch(config-acl-foo)#deny udp any eq lsp-ping any\n \nSwitch(config)#mpls ping\nSwitch(config-mpls-ping)#ip access-group foo in\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists.\u003c/p\u003e"
}
],
"value": "For EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503.\n\nSwitch(config)#system control-plane\nSwitch(config-cp)#ip access-group my-custom-acl \n\n\n\u00a0\n\nFor EOS versions more recent than 4.22.0, an \u2018mpls ping\u2019 service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL.\n\nTake the following example, where the user applies service ACL \u2018Foo\u2019 that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else.\n\nSwitch(config)#ip access-list Foo\nSwitch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any\nSwitch(config-acl-foo)#deny udp any eq lsp-ping any\n \nSwitch(config)#mpls ping\nSwitch(config-mpls-ping)#ip access-group foo in\n\n\n\u00a0\n\nIf MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6188",
"datePublished": "2025-08-25T20:14:23.427Z",
"dateReserved": "2025-06-16T20:34:33.402Z",
"dateUpdated": "2025-08-27T14:53:30.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3456 (GCVE-0-2025-3456)
Vulnerability from cvelistv5 – Published: 2025-08-25 20:02 – Updated: 2025-08-25 20:31
VLAI
Title
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c
Summary
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.0F
(custom)
Affected: 4.33.0 , ≤ 4.33.3F (custom) Affected: 4.32.0 , ≤ 4.32.5M (custom) Affected: 4.31.0 , ≤ 4.31.7M (custom) Affected: 4.30.0 , ≤ 4.30.10M (custom) Affected: 4.29.0 , ≤ 4.29.10M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:31:37.034026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:31:54.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.3F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.5M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.7M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.10M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.10M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-3456, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe global custom encryption key must be configured:\u003c/p\u003e\u003cpre\u003eswitch#show running-config | sect management security\nmanagement security\n\u0026nbsp; \u0026nbsp;password encryption-key common custom \u0026lt;key\u0026gt;\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-3456, the following condition must be met:\n\nThe global custom encryption key must be configured:\n\nswitch#show running-config | sect management security\nmanagement security\n\u00a0 \u00a0password encryption-key common custom \u003ckey\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."
}
],
"impacts": [
{
"capecId": "CAPEC-545",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-545: Pull Data from System Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:02:48.722Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-3456 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.1F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.4M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.6M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.8M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2025-3456 has been fixed in the following releases:\n\n * 4.34.1F and later releases in the 4.34.x train\n * 4.33.4M and later releases in the 4.33.x train\n * 4.32.6M and later releases in the 4.32.x train\n * 4.31.8M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "122",
"defect": [
"BUG1114420"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-3456",
"datePublished": "2025-08-25T20:02:48.722Z",
"dateReserved": "2025-04-08T21:38:05.413Z",
"dateUpdated": "2025-08-25T20:31:54.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2826 (GCVE-0-2025-2826)
Vulnerability from cvelistv5 – Published: 2025-05-27 22:22 – Updated: 2025-05-28 13:34
VLAI
Title
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.
Summary
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped and,
* Packets which should be dropped may be permitted.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.2F
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:33:59.901353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:08.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.2F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPV4 ACL ipv4ACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eMAC ACL macAcl\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eStandard IPV6 ACL ipv6StandardACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et21/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et21/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nIPV4 ACL ipv4ACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\nMAC ACL macAcl\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nStandard IPV6 ACL ipv6StandardACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et21/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et21/1\n\n\n\u00a0\n\nIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003en affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\u003c/p\u003e\u003col\u003e\u003cli\u003ePackets which should be permitted may be dropped and,\u003c/li\u003e\u003cli\u003ePackets which should be dropped may be permitted.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\n\n * Packets which should be permitted may be dropped and,\n * Packets which should be dropped may be permitted."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:22:51.717Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-2826 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2.1F, 4.33.3F and later releases in the 4.33.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-2826 has been fixed in the following releases:\n\n * 4.33.2.1F, 4.33.3F and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA120",
"defect": [
"BUG 795398"
],
"discovery": "INTERNAL"
},
"title": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-2826",
"datePublished": "2025-05-27T22:22:51.717Z",
"dateReserved": "2025-03-26T16:02:22.894Z",
"dateUpdated": "2025-05-28T13:34:08.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}