Vulnerabilities > Arista > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-17355 Unspecified vulnerability in Arista EOS
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.
network
low complexity
arista
7.5
7.5
2020-06-10 CVE-2020-11622 Unspecified vulnerability in Arista Cloudeos and Veos
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
network
low complexity
arista
7.5
7.5
2020-06-06 CVE-2020-13881 Information Exposure Through Log Files vulnerability in multiple products
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. 		7.5
7.5
2020-04-16 CVE-2019-18948 Unspecified vulnerability in Arista EOS
An issue was found in Arista EOS.
network
low complexity
arista
7.5
7.5
2019-12-19 CVE-2019-18181 Unspecified vulnerability in Arista Cloudvision Portal
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules.
local
low complexity
arista
7.8
7.8
2019-10-24 CVE-2019-17596 Interpretation Conflict vulnerability in multiple products
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. 		7.5
7.5
2018-04-12 CVE-2018-5254 Channel and Path Errors vulnerability in Arista EOS
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
network
low complexity
arista CWE-417
7.5
7.5
2017-01-23 CVE-2016-9012 Permissions, Privileges, and Access Controls vulnerability in Arista Cloudvision Portal
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
network
low complexity
arista CWE-264
8.8
8.8
2017-01-04 CVE-2016-6894 Resource Management Errors vulnerability in Arista products
Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.
network
low complexity
arista CWE-399
7.5
7.5
2015-11-06 CVE-2015-6855 Divide By Zero vulnerability in multiple products
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. 		7.5
7.5