arista networks Eos Vulnerabilities
Arista%20networks Eos vulnerabilities.
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
UDP Vulnerability in Arista EOS Network Operating System
CVE-2025-6188Arista NetworksEos7.5HIGHExposed Global Encryption Key in Arista EOS Logging
CVE-2025-3456Arista NetworksEos3.8LOWIngress ACL Policy Bypass in Arista EOS Platforms
CVE-2025-2826Arista NetworksEos2.6LOWIPSec Vulnerability in Arista EOS with Anti-Replay Protection
CVE-2025-2796Arista NetworksEos5.3MEDIUMVLAN Isolation Breach in Arista EOS Network Switches
CVE-2024-11185Arista NetworksEos6.5MEDIUMTraffic Policy Misconfiguration in Arista EOS Network Infrastructure
CVE-2024-9448Arista NetworksEos7.5HIGHCredential Logging Vulnerability in Arista EOS Affecting gNMI Transport
CVE-2025-0936Arista NetworksEos6.5MEDIUMDynamic ACL Installation Issue in Arista EOS with 802.1X Configuration
CVE-2024-8000Arista NetworksEos5.3MEDIUMMemory Leak Vulnerability in Arista EOS BGP Configuration
CVE-2024-9135Arista NetworksEos5.3MEDIUMConfiguration Bypass Vulnerability in Arista EOS Network Switch by Arista Networks
CVE-2025-1260Arista NetworksEos9.1CRITICALData Exposure Vulnerability in Arista EOS with OpenConfig Configuration
CVE-2025-1259Arista NetworksEos7.7HIGHOn affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets
CVE-2023-24548Arista NetworksEos5.3MEDIUMOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
CVE-2023-3646Arista NetworksEos5.9MEDIUMOn the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
CVE-2023-24510Arista NetworksArista Eos7.5HIGHOn affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...
CVE-2023-24509Arista NetworksArista Eos9.3CRITICALOn affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.
CVE-2023-24511Arista NetworksEos5.3MEDIUMOn affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...
CVE-2023-24513Arista NetworksEos6.5MEDIUMOn affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.
CVE-2023-24545Arista NetworksEos7.5HIGHFor certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
CVE-2021-28510Arista NetworksEos5.3MEDIUMThis advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ...
CVE-2021-28511Arista NetworksEos5.8MEDIUMTerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP
CVE-2021-28508Arista NetworksArista Eos6.8MEDIUMTerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP
CVE-2021-28509Arista NetworksArista Eos6.1MEDIUMOn affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
CVE-2021-28505Arista NetworksEos7.5HIGHOn Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...
CVE-2021-28504Arista NetworksEos7.5HIGHIn Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
CVE-2021-28503Arista NetworksArista Eos7.4HIGH