Arista Networks Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Arista Networks
Traffic Policy Misconfiguration in Arista EOS Network Infrastructure
CVE-2024-9448 | Arista Networks | Eos | 7.5 | HIGH

Cleartext Packet Transmission in Arista EOS with Secure Vxlan Configuration
CVE-2024-12378 | Arista Networks | Cloudvision Portal | 9.1 | CRITICAL

Improper Access Control in Arista CloudVision Portal
CVE-2024-11186 | Arista Networks | Cloudvision Portal | 10 | CRITICAL

Privilege Escalation Vulnerability in Arista CloudVision Systems
CVE-2025-0505 | Arista Networks | Cloudvision Portal | 10 | CRITICAL

Admin Privilege Escalation Vulnerability in Arista CloudVision Portal
CVE-2024-8100 | Arista Networks | Cloudvision | 8.7 | HIGH

Configuration Bypass Vulnerability in Arista EOS Network Switch by Arista Networks
CVE-2025-1260 | Arista Networks | Eos | 9.1 | CRITICAL

Data Exposure Vulnerability in Arista EOS with OpenConfig Configuration
CVE-2025-1259 | Arista Networks | Eos | 7.7 | HIGH

Command Injection Vulnerability in Arista NG Firewall
CVE-2024-12829 | Arista Networks | Ng Firewall | 8.8 | HIGH

Directory Traversal Remote Code Execution Flaw in Arista NG Firewall
CVE-2024-12830 | Arista Networks | Ng Firewall | 7.3 | HIGH

Privilege Escalation Vulnerability in Arista NG Firewall
CVE-2024-12831 | Arista Networks | Ng Firewall | 7.8 | HIGH

Arista NG Firewall (NGFW) Vulnerable to SQL Injection Attacks
CVE-2024-27889 | Arista Networks | Arista Edge Threat Man... | 8.8 | HIGH

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
CVE-2023-24510 | Arista Networks | Arista Eos | 7.5 | HIGH

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch.
CVE-2023-24512 | Arista Networks | Terminattr | 8.8 | HIGH

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...
CVE-2023-24509 | Arista Networks | Arista Eos | 9.3 | CRITICAL

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch.
CVE-2023-24545 | Arista Networks | Eos | 7.5 | HIGH

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
CVE-2021-28505 | Arista Networks | Eos | 7.5 | HIGH

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...
CVE-2021-28504 | Arista Networks | Eos | 7.5 | HIGH

In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
CVE-2021-28503 | Arista Networks | Arista Eos | 7.4 | HIGH

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
CVE-2021-28500 | Arista Networks | Arista Eos | 9.1 | CRITICAL

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
CVE-2021-28501 | Arista Networks | Terminattr | 9.1 | CRITICAL

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
CVE-2021-28506 | Arista Networks | Eos | 9.1 | CRITICAL

8 May 2025
4 March 2025
20 December 2024
4 March 2024
5 June 2023
25 April 2023
13 April 2023
12 April 2023
14 April 2022
1 April 2022
4 February 2022
14 January 2022