Unexpected Configuration Application in Arista EOS Due to OpenConfig Vulnerability
CVE-2024-27890

7.2 HIGH

Key Information:

Status
Vendor
CVE Published: 4 June 2026

What is CVE-2024-27890?

The vulnerability affects Arista EOS systems configured with OpenConfig, which fail to reject certain gNMI Set requests as they should. As a result, configuration can be applied to the switch unexpectedly, which can lead to network instability, unauthorized changes, and potential security breaches. Proper validation is essential so that only valid configuration requests are processed and network operations are not adversely affected.

Affected Version(s)

EOS 710 Series 4.29.0 <= 4.29.7M

EOS 710 Series 4.28.0 <= 4.28.10M

EOS 710 Series 4.27.0 <= 4.27.8M

CVSS V4

Score: 7.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
