In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
CVE-2024-6858

Currently unrated

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 4 June 2026

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2024-6858?

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

Affected Version(s)

EOS 720D Series 4.31.0 <= 4.31.1F

EOS 720D Series 4.30.0 <= 4.30.5M

EOS 720D Series 4.29.0 <= 4.29.7M

References

https://www.arista.com/en/support/advisories-notices/secu...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jul 17, 2024

CVE-2024-6858 Data

JSON