Vulnerabilities > Arista

DATE CVE VULNERABILITY TITLE RISK
2019-08-15 CVE-2018-14008 Improper Authentication vulnerability in Arista EOS
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
low complexity
arista CWE-287
3.3
2019-08-15 CVE-2018-12357 Incorrect Permission Assignment for Critical Resource vulnerability in Arista CloudVision Portal
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
network
low complexity
arista CWE-732
4.0
2018-04-12 CVE-2018-5254 Channel and Path Errors vulnerability in Arista EOS
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
network
low complexity
arista CWE-417
5.0
2018-03-05 CVE-2018-5255 Unspecified vulnerability in Arista EOS
The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.
network
low complexity
arista
4.0
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-10-04 CVE-2017-14491 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
7.5
2017-01-23 CVE-2016-9012 Permissions, Privileges, and Access Controls vulnerability in Arista CloudVision Portal
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
network
low complexity
arista CWE-264
6.5
2017-01-04 CVE-2016-6894 Resource Management Errors vulnerability in Arista products
Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.
network
low complexity
arista CWE-399
7.8
2015-11-19 CVE-2015-8236 Permissions, Privileges, and Access Controls vulnerability in Arista EOS
Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.
network
low complexity
arista CWE-264
critical
10.0
2015-11-06 CVE-2015-6855 Divide By Zero vulnerability in multiple products
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.
5.0