Vulnerabilities > Arista > Cloudeos

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-24512 Incorrect Authorization vulnerability in Arista products
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
network
low complexity
arista CWE-863
6.5
6.5
2023-04-12 CVE-2023-24545 Resource Exhaustion vulnerability in Arista Cloudeos
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.
network
low complexity
arista CWE-400
7.5
7.5
2023-04-12 CVE-2023-24513 Out-of-bounds Read vulnerability in Arista Cloudeos
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.
network
low complexity
arista CWE-125
7.5
7.5
2020-06-10 CVE-2020-11622 Unspecified vulnerability in Arista Cloudeos and Veos
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
network
arista
4.3
4.3