Vulnerabilities > Arista
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-24547 | Cleartext Transmission of Sensitive Information vulnerability in Arista MOS 0.13.0/0.25/0.39.4 On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | 6.5 |
| 2023-08-29 | CVE-2023-24548 | Classic Buffer Overflow vulnerability in Arista EOS On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. | 6.5 |
| 2023-08-29 | CVE-2023-3646 | Out-of-bounds Read vulnerability in Arista EOS On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. | 7.5 |
| 2023-06-13 | CVE-2023-24546 | Incorrect Authorization vulnerability in Arista Cloudvision Portal On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. | 8.1 |
| 2023-06-05 | CVE-2023-24510 | Improper Handling of Exceptional Conditions vulnerability in Arista EOS On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 7.5 |
| 2023-04-25 | CVE-2023-24512 | Incorrect Authorization vulnerability in Arista products On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. | 6.5 |
| 2023-04-13 | CVE-2023-24509 | Unspecified vulnerability in Arista EOS On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. | 7.8 |
| 2023-04-12 | CVE-2023-24511 | Memory Leak vulnerability in Arista EOS On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. | 7.5 |
| 2023-04-12 | CVE-2023-24545 | Resource Exhaustion vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |
| 2023-04-12 | CVE-2023-24513 | Out-of-bounds Read vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |