Cleartext Packet Transmission in Arista EOS with Secure Vxlan Configuration
CVE-2024-12378

9.1CRITICAL

Key Information:

Vendor: Arista Networks
Status: Cloudvision Portal
Vendor: CVE Published:; 8 May 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2024-12378?

A vulnerability exists in Arista EOS when operating with secure Vxlan configured. Restarting the Tunnelsec agent can lead to unintended transmission of packets in cleartext over these secure tunnels, potentially exposing sensitive network data to interception.

Affected Version(s)

CloudVision Portal 4.32.0 <= 4.32.2F

CloudVision Portal 4.31.0 <= 4.31.6M

CloudVision Portal 4.30.0 <= 4.30.8M

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Dec 9, 2024