Vulnerabilities > Arista
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-20 | CVE-2024-12829 | OS Command Injection vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. | 8.8 |
| 2024-12-20 | CVE-2024-12830 | Path Traversal vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. | 7.3 |
| 2024-12-20 | CVE-2024-12831 | Incorrect Authorization vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. | 7.8 |
| 2024-12-20 | CVE-2024-12832 | SQL Injection vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. | 6.3 |
| 2023-12-06 | CVE-2023-24547 | Cleartext Transmission of Sensitive Information vulnerability in Arista MOS 0.13.0/0.25/0.39.4 On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | 6.5 |
| 2023-08-29 | CVE-2023-24548 | Classic Buffer Overflow vulnerability in Arista EOS On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. | 6.5 |
| 2023-08-29 | CVE-2023-3646 | Out-of-bounds Read vulnerability in Arista EOS On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. | 7.5 |
| 2023-06-13 | CVE-2023-24546 | Incorrect Authorization vulnerability in Arista Cloudvision Portal On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. | 8.1 |
| 2023-06-05 | CVE-2023-24510 | Improper Handling of Exceptional Conditions vulnerability in Arista EOS On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 7.5 |
| 2023-04-25 | CVE-2023-24512 | Incorrect Authorization vulnerability in Arista products On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. | 6.5 |