U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:arista:eos:4.24.8:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2023-24548

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.

Published: August 29, 2023; 1:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-24510

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.

Published: June 05, 2023; 6:15:11 PM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-24509

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

Published: April 13, 2023; 4:15:08 PM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-28511

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.

Published: August 05, 2022; 1:15:07 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-28509

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

Published: May 26, 2022; 4:15:08 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2021-28508

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.

Published: May 26, 2022; 4:15:08 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW