Arista Networks Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Arista Networks
| CVE | Vendor | Product | Score | Severity | Title / Description |
|---|---|---|---|---|---|
| CVE-2025-54546 | Arista Networks | Danz Monitoring Fabric | 7.5 | HIGH | SSH Port Forwarding Vulnerability in Arista Networks Products |
| CVE-2025-54545 | Arista Networks | Danz Monitoring Fabric | 7.8 | HIGH | Privilege Escalation in Arista's CLI Environment |
| CVE-2025-6978 | Arista Networks | Arista Edge Threat Man... | 7.2 | HIGH | Command Injection Vulnerability in Arista Product |
| CVE-2025-6979 | Arista Networks | Arista Edge Threat Man... | 8.8 | HIGH | Authentication Bypass in Arista Captive Portal |
| CVE-2025-6980 | Arista Networks | Arista Edge Threat Man... | 7.5 | HIGH | Sensitive Information Exposure in Arista's Captive Portal |
| CVE-2025-6188 | Arista Networks | Eos | 7.5 | HIGH | UDP Vulnerability in Arista EOS Network Operating System |
| CVE-2024-9448 | Arista Networks | Eos | 7.5 | HIGH | Traffic Policy Misconfiguration in Arista EOS Network Infrastructure |
| CVE-2024-12378 | Arista Networks | Cloudvision Portal | 9.1 | CRITICAL | Cleartext Packet Transmission in Arista EOS with Secure Vxlan Configuration |
| CVE-2024-11186 | Arista Networks | Cloudvision Portal | 10 | CRITICAL | Improper Access Control in Arista CloudVision Portal |
| CVE-2025-0505 | Arista Networks | Cloudvision Portal | 10 | CRITICAL | Privilege Escalation Vulnerability in Arista CloudVision Systems |
| CVE-2024-8100 | Arista Networks | Cloudvision | 8.7 | HIGH | Admin Privilege Escalation Vulnerability in Arista CloudVision Portal |
| CVE-2025-1260 | Arista Networks | Eos | 9.1 | CRITICAL | Configuration Bypass Vulnerability in Arista EOS Network Switch by Arista Networks |
| CVE-2025-1259 | Arista Networks | Eos | 7.7 | HIGH | Data Exposure Vulnerability in Arista EOS with OpenConfig Configuration |
| CVE-2024-12829 | Arista Networks | Ng Firewall | 8.8 | HIGH | Command Injection Vulnerability in Arista NG Firewall |
| CVE-2024-12830 | Arista Networks | Ng Firewall | 7.3 | HIGH | Directory Traversal Remote Code Execution Flaw in Arista NG Firewall |
| CVE-2024-12831 | Arista Networks | Ng Firewall | 7.8 | HIGH | Privilege Escalation Vulnerability in Arista NG Firewall |
| CVE-2024-27889 | Arista Networks | Arista Edge Threat Man... | 8.8 | HIGH | Arista NG Firewall (NGFW) Vulnerable to SQL Injection Attacks |
| CVE-2023-24510 | Arista Networks | Arista Eos | 7.5 | HIGH | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. |
| CVE-2023-24512 | Arista Networks | Terminattr | 8.8 | HIGH | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. |
| CVE-2023-24509 | Arista Networks | Arista Eos | 9.3 | CRITICAL | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... |
| CVE-2023-24545 | Arista Networks | Eos | 7.5 | HIGH | On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. |
| CVE-2021-28505 | Arista Networks | Eos | 7.5 | HIGH | On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. |
| CVE-2021-28504 | Arista Networks | Eos | 7.5 | HIGH | On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ... |
| CVE-2021-28503 | Arista Networks | Arista Eos | 7.4 | HIGH | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. |
| CVE-2021-28500 | Arista Networks | Arista Eos | 9.1 | CRITICAL | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. |
