Bypass of 802.1x Authentication on Arista EOS
CVE-2023-5502

8.2HIGH

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 4 June 2026

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2023-5502?

The vulnerability in Arista EOS, specifically when configured with 802.1x authentication on access and trunk ports with routing enabled on the access VLAN, allows a malicious user to bypass the required 802.1x authentication, potentially compromising network security. This exploit can lead to unauthorized access to the network and sensitive data leakage, posing significant risks to organizations relying on proper authentication protocols.

Affected Version(s)

EOS 7020R Series 4.31.0 <= 4.31.0F

EOS 7020R Series 4.30.0 <= 4.30.4M

EOS 7020R Series 4.29.0 <= 4.29.6M

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Oct 10, 2023

CVE-2023-5502 Data

JSON