Vulnerabilities > Arista

DATE CVE VULNERABILITY TITLE RISK
2021-01-20 CVE-2020-25684 A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian arista
3.7
2020-12-28 CVE-2020-24360 Improper Resource Shutdown or Release vulnerability in Arista EOS
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload.
low complexity
arista CWE-404
7.4
2020-12-28 CVE-2020-15898 Unspecified vulnerability in Arista EOS
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction.
network
low complexity
arista
5.3
2020-12-28 CVE-2020-26569 Unspecified vulnerability in Arista EOS
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries.
network
high complexity
arista
5.9
2020-10-26 CVE-2020-15897 Unspecified vulnerability in Arista EOS
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.
network
low complexity
arista
7.5
2020-10-26 CVE-2020-13100 Unspecified vulnerability in Arista Cloudvision Exchange
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
network
low complexity
arista
7.5
2020-10-21 CVE-2020-17355 Unspecified vulnerability in Arista EOS
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.
network
low complexity
arista
7.5
2020-09-22 CVE-2020-24333 Unspecified vulnerability in Arista Cloudvision Portal
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
network
low complexity
arista
6.5
2020-09-08 CVE-2020-3702 Cleartext Transmission of Sensitive Information vulnerability in multiple products
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150
low complexity
qualcomm debian arista CWE-319
6.5
2020-06-10 CVE-2020-11622 Unspecified vulnerability in Arista Cloudeos and Veos
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
network
low complexity
arista
7.5