Vulnerabilities > Arista > Cloudeos
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-25 | CVE-2023-24512 | Incorrect Authorization vulnerability in Arista products On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. | 6.5 |
| 2023-04-12 | CVE-2023-24545 | Resource Exhaustion vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |
| 2023-04-12 | CVE-2023-24513 | Out-of-bounds Read vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |
| 2020-06-10 | CVE-2020-11622 | Unspecified vulnerability in Arista Cloudeos and Veos A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured. | 7.5 |