CVE-2024-27890

Vulnerability

Arista EOS platforms configured with OpenConfig are vulnerable when a gNMI Set request is improperly accepted instead of being rejected. This affects specific versions including 4.29.7M and below in the 4.29.x train, 4.28.10M and below in the 4.28.x train, 4.27.8M and below in the 4.27.x train, 4.26.9M and below in the 4.26.x train, 4.25.10M and below in the 4.25.x train, and 4.24.11M and below in the 4.24.x train [1].

Exploitation

An attacker with network access and privileges can send a gNMI Set request to the affected Arista EOS device. This request, which should have been rejected due to authorization issues, is instead processed, allowing the attacker to apply unexpected configurations to the switch [1].

Impact

Successful exploitation allows an attacker to apply unintended configurations to the switch, potentially leading to a significant disruption of network services or the introduction of security weaknesses. This impacts the integrity and availability of the network device [1].

Mitigation

Arista has released hotfixes for this vulnerability. Specific EOS versions with fixes include updates to the 4.31.x, 4.30.x, 4.29.x, 4.28.x, 4.27.x, 4.26.x, 4.25.x, and 4.24.x trains. Arista is not aware of any malicious uses of this issue in customer networks [1].