CVE-2024-27890 (GCVE-0-2024-27890)

Vulnerability from cvelistv5 – Published: 2026-06-04 22:27 – Updated: 2026-06-05 18:29
VLAI
Title
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).
Summary
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Severity
7.2 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
9.6 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
Vendor Product Version
Arista Networks EOS Affected: 4.29.0 , ≤ 4.29.7M (custom)
Affected: 4.28.0 , ≤ 4.28.10M (custom)
Affected: 4.27.0 , ≤ 4.27.8M (custom)
Affected: 4.26.0 , ≤ 4.26.9M (custom)
Affected: 4.25.0 , ≤ 4.25.10M (custom)
Affected: 4.24.0 , ≤ 4.24.11M (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:29:18.470860Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:29:28.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "710 Series",
            "720D Series",
            "720XP/722XPM Series",
            "750X Series",
            "7010 Series",
            "7010X Series",
            "7020R Series",
            "7130 Series running EOS",
            "7150 Series",
            "7160 Series",
            "7170 Series",
            "7050X/X2/X3/X4 Series",
            "7060X/X2/X4/X5/X6 Series",
            "7250X Series",
            "7260X/X3 Series",
            "7280E/R/R2/R3 Series",
            "7300X/X3 Series",
            "7320X Series",
            "7358X4 Series",
            "7368X4 Series",
            "7388X5 Series",
            "7500E/R/R2/R3 Series",
            "7800R3 Series",
            "CloudEOS",
            "cEOS-lab",
            "vEOS-lab",
            "AWE 5000 Series"
          ],
          "product": "EOS",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "4.29.7M",
              "status": "affected",
              "version": "4.29.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.28.10M",
              "status": "affected",
              "version": "4.28.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.27.8M",
              "status": "affected",
              "version": "4.27.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.26.9M",
              "status": "affected",
              "version": "4.26.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.25.10M",
              "status": "affected",
              "version": "4.25.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.24.11M",
              "status": "affected",
              "version": "4.24.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\u003c/pre\u003e\u003cbr\u003e\u003cp\u003eIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: no transports enabled\u003c/pre\u003e"
            }
          ],
          "value": "In order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\nIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan\u003eAffected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T22:27:36.610Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27890 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.0M and onwards\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27890 has been fixed in the following releases:\n  * 4.30.0M and onwards\n  * 4.29.8M and later releases in the 4.29.x train\n  * 4.28.11M and later releases in the 4.28.x train"
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\u003c/p\u003e\u003cp\u003eNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\u003c/p\u003eEOS Versions 4.30.5\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.29.7\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003ed6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.28.10.1\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\" target=\"_blank\" rel=\"noopener noreferrer\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e"
            }
          ],
          "value": "The following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\n\n\n\nNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\n\nEOS Versions 4.30.5\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\n\n\u00a0\n\nEOS Versions 4.29.7\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\nd6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\n\n\u00a0\n\nEOS Versions 4.28.10.1\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\n\n\u00a0\n\n\n\nFor instructions on installation and verification of the hotfix patch, refer to the\u00a0 \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019."
        }
      ],
      "source": {
        "advisory": "0099",
        "defect": [
          "BUG 747512"
        ],
        "discovery": "INTERNAL"
      },
      "title": "On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAlternatively for both, the OpenConfig agent can be disabled.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003c/pre\u003e\u003c/pre\u003e"
            }
          ],
          "value": "The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi\n\n\n\n\n\n\n\nAlternatively for both, the OpenConfig agent can be disabled.\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2024-27890",
    "datePublished": "2026-06-04T22:27:36.610Z",
    "dateReserved": "2024-02-26T18:06:32.160Z",
    "dateUpdated": "2026-06-05T18:29:28.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-27890",
      "date": "2026-06-08",
      "epss": "0.00276",
      "percentile": "0.51293"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27890\",\"sourceIdentifier\":\"psirt@arista.com\",\"published\":\"2026-06-04T23:16:47.487\",\"lastModified\":\"2026-06-05T15:02:34.977\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"psirt@arista.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099\",\"source\":\"psirt@arista.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).\", \"source\": {\"defect\": [\"BUG 747512\"], \"advisory\": \"0099\", \"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Arista Networks\", \"product\": \"EOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.29.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.29.7M\"}, {\"status\": \"affected\", \"version\": \"4.28.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.28.10M\"}, {\"status\": \"affected\", \"version\": \"4.27.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.27.8M\"}, {\"status\": \"affected\", \"version\": \"4.26.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.26.9M\"}, {\"status\": \"affected\", \"version\": \"4.25.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.25.10M\"}, {\"status\": \"affected\", \"version\": \"4.24.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.24.11M\"}], \"platforms\": [\"710 Series\", \"720D Series\", \"720XP/722XPM Series\", \"750X Series\", \"7010 Series\", \"7010X Series\", \"7020R Series\", \"7130 Series running EOS\", \"7150 Series\", \"7160 Series\", \"7170 Series\", \"7050X/X2/X3/X4 Series\", \"7060X/X2/X4/X5/X6 Series\", \"7250X Series\", \"7260X/X3 Series\", \"7280E/R/R2/R3 Series\", \"7300X/X3 Series\", \"7320X Series\", \"7358X4 Series\", \"7368X4 Series\", \"7388X5 Series\", \"7500E/R/R2/R3 Series\", \"7800R3 Series\", \"CloudEOS\", \"cEOS-lab\", \"vEOS-lab\", \"AWE 5000 Series\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \\n\\nCVE-2024-27890 has been fixed in the following releases:\\n  * 4.30.0M and onwards\\n  * 4.29.8M and later releases in the 4.29.x train\\n  * 4.28.11M and later releases in the 4.28.x train\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\\\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-27890 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.0M and onwards\u003c/li\u003e\u003cli\u003e4.29.8M and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.11M and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"The following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\\n\\n\\n\\nNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\\n\\nEOS Versions 4.30.5\\n\\n32 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\n85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\\n\\n\\u00a0\\n\\n\\n\\n64 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\n263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\\n\\n\\u00a0\\n\\nEOS Versions 4.29.7\\n\\n32 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\n0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\\n\\n\\u00a0\\n\\n\\n\\n64 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\nd6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\\n\\n\\u00a0\\n\\nEOS Versions 4.28.10.1\\n\\n32 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\n12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\\n\\n\\u00a0\\n\\n\\n\\n64 bit\\nVersion: 1.0\\nURL:\\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix \\n\\n\\n\\nSWIX hash:(SHA512)\\n2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\\n\\n\\u00a0\\n\\n\\n\\nFor instructions on installation and verification of the hotfix patch, refer to the\\u00a0 \\u201cmanaging eos extensions\\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \\u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \\u2018copy installed-extensions boot-extensions\\u2019.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\u003c/p\u003e\u003cp\u003eNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\u003c/p\u003eEOS Versions 4.30.5\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.29.7\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003ed6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003eEOS Versions 4.28.10.1\u003cp\u003e\u003cb\u003e32 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u003cb\u003e64 bit\u003c/b\u003e\u003cbr\u003eVersion: 1.0\u003cbr\u003eURL:\u003cbr\u003e\u003ca href=\\\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\\\"\u003ehttps://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\u003c/a\u003e\u003c/p\u003e\u003cpre\u003eSWIX hash:(SHA512)\u003cbr\u003e2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the\u0026nbsp;\u003ca href=\\\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\"\u003e\\u201cmanaging eos extensions\\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \\u2018copy installed-extensions boot-extensions\\u2019.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\\n\\n\\n\\nswitch(config-gnmi-transport-default)#no management api gnmi\\n\\n\\n\\n\\n\\n\\n\\nAlternatively for both, the OpenConfig agent can be disabled.\\n\\n\\n\\nswitch(config-gnmi-transport-default)#no management api gnmi\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eAlternatively for both, the OpenConfig agent can be disabled.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#no management api gnmi\u003c/pre\u003e\u003c/pre\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan\u003eAffected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\\n\\nswitch(config-gnmi-transport-default)#show management api gnmi\\nTransport: default\\nEnabled: yes\\nServer: running on port 6030, in default VRF\\nSSL profile: none\\nQoS DSCP: none\\nAuthorization required: no\\nAccounting requests: no\\nNotification timestamp: last change time\\nListen addresses: ::\\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\\n\\nIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\\n\\nswitch(config)#show management api gnmi\\nEnabled: no transports enabled\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\\nTransport: default\\nEnabled: yes\\nServer: running on port 6030, in default VRF\\nSSL profile: none\\nQoS DSCP: none\\nAuthorization required: no\\nAccounting requests: no\\nNotification timestamp: last change time\\nListen addresses: ::\\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\u003c/pre\u003e\u003cbr\u003e\u003cp\u003eIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\\nEnabled: no transports enabled\u003c/pre\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"shortName\": \"Arista\", \"dateUpdated\": \"2026-06-04T22:27:36.610Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27890\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-05T18:29:18.470860Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-06-05T18:29:24.588Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27890\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-04T22:27:36.610Z\", \"dateReserved\": \"2024-02-26T18:06:32.160Z\", \"assignerOrgId\": \"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7\", \"datePublished\": \"2026-06-04T22:27:36.610Z\", \"assignerShortName\": \"Arista\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.