Vulnerabilities > Arista > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-20 | CVE-2024-12829 | OS Command Injection vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. | 8.8 |
| 2024-12-20 | CVE-2024-12830 | Path Traversal vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. | 7.3 |
| 2024-12-20 | CVE-2024-12831 | Incorrect Authorization vulnerability in Arista NG Firewall 17.1.1 Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. | 7.8 |
| 2023-08-29 | CVE-2023-3646 | Out-of-bounds Read vulnerability in Arista EOS On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. | 7.5 |
| 2023-06-13 | CVE-2023-24546 | Incorrect Authorization vulnerability in Arista Cloudvision Portal On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. | 8.1 |
| 2023-06-05 | CVE-2023-24510 | Improper Handling of Exceptional Conditions vulnerability in Arista EOS On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | 7.5 |
| 2023-04-13 | CVE-2023-24509 | Unspecified vulnerability in Arista EOS On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. | 7.8 |
| 2023-04-12 | CVE-2023-24511 | Memory Leak vulnerability in Arista EOS On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. | 7.5 |
| 2023-04-12 | CVE-2023-24545 | Resource Exhaustion vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |
| 2023-04-12 | CVE-2023-24513 | Out-of-bounds Read vulnerability in Arista Cloudeos On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. | 7.5 |