EOS
by Arista
CVEs (63)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0936 | Arista / EOS | Med | 0.42 | 6.5 | 0.00 | — | May 7, 2025 | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote… |
| CVE-2024-5872 | Arista / EOS | Med | 0.42 | 6.5 | 0.00 | — | Jan 10, 2025 | On affected platforms running Arista EOS, a specially crafted packet with an incorrect VLAN tag might be copied to the CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. |
| CVE-2018-5255 | Arista / EOS | Med | 0.42 | 6.5 | 0.01 | — | Mar 5, 2018 | The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets. |
| CVE-2026-2379 | Arista / EOS | Med | 0.38 | 5.9 | 0.00 | — | Jun 5, 2026 | On affected platforms with hardware IPsec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security… |
| CVE-2023-5502 | Arista / EOS | Med | 0.38 | 5.9 | 0.00 | — | Jun 4, 2026 | On affected platforms running Arista EOS with 802.1X authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1X authentication. |
| CVE-2024-6437 | Arista / EOS | Med | 0.38 | 5.8 | 0.00 | — | Jan 10, 2025 | On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy, certain IP traffic such as IPv4 packets with IP options may bypass the feature's… |
| CVE-2024-27891 | Arista / EOS | Med | 0.34 | 5.3 | 0.00 | — | Jun 4, 2026 | On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to be incorrectly allowed or denied. |
| CVE-2025-2796 | Arista / EOS | Med | 0.34 | 5.3 | 0.00 | — | May 27, 2025 | On affected platforms with hardware IPsec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay… |
| CVE-2024-9135 | Arista / EOS | Med | 0.34 | 5.3 | 0.00 | — | Mar 4, 2025 | On affected platforms running Arista EOS with BGP Link State configured, a BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. |
| CVE-2024-8000 | Arista / EOS | Med | 0.34 | 5.3 | 0.00 | — | Mar 4, 2025 | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server, resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants… |
| CVE-2025-8870 | Arista / EOS | Med | 0.32 | 4.9 | 0.00 | — | Nov 14, 2025 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. |
| CVE-2025-7048 | Arista / EOS | Med | 0.28 | 4.3 | 0.00 | — | Jan 6, 2026 | On affected platforms running Arista EOS with MACsec configured, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer-term disruption of dataplane traffic. |
| CVE-2024-7095 | Arista / EOS | Med | 0.28 | 4.3 | 0.00 | — | Jan 10, 2025 | On affected platforms running Arista EOS with SNMP configured, if "snmp-server transmit max-size" is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing… |
| CVE-2025-3456 | Arista / EOS | Low | 0.25 | 3.8 | 0.00 | — | Aug 25, 2025 | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol-specific encrypted secrets from the device running-config could then be… |
| CVE-2025-2826 | Arista / EOS | Low | 0.17 | 2.6 | 0.00 | — | May 27, 2025 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more Ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming… |
| CVE-2020-9015 | Arista / EOS | — | 0.09 | — | 0.16 | — | Feb 20, 2020 | Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a \| character. NOTE: the vendor reports that this is a configuration issue… |
| CVE-2015-5165 | Arista / EOS | — | 0.01 | — | 0.13 | — | Aug 12, 2015 | The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. |
| CVE-2015-3209 | Arista / EOS | — | 0.01 | — | 0.10 | — | Jun 15, 2015 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. |
| CVE-2023-3646 | Arista / EOS | — | 0.00 | — | 0.01 | — | Aug 29, 2023 | On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause a system reload. |
| CVE-2023-24548 | Arista / EOS | — | 0.00 | — | 0.00 | — | Aug 29, 2023 | On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation… |
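One check worth running over a table like this before acting on its Risk column: the entries with no CVSS score (CVE-2020-9015, CVE-2015-5165, CVE-2015-3209) carry the highest EPSS values on the page yet rank at the bottom, while a CVSS 6.5 entry with EPSS 0.00 sits at the top. The script below is an added example, not code from this page or from Arista. It parses rows in the page's own Markdown layout (including the backslash-escaped pipe in the CVE-2020-9015 description, which otherwise splits the cell), then re-ranks them KEV first, EPSS-above-threshold second, CVSS third. The sample rows are constructed from the page's table; the 0.10 EPSS threshold and the ranking order are this example's assumptions, since the page does not say how its Risk column is computed.

```python
"""Triage a CVE table in this page's Markdown layout.

Added example, not code from the page or from Arista. The sample rows are
constructed from the page's table; EPSS_ACTIONABLE and the ranking policy
are this example's assumptions, not the page's undefined "Risk" formula.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: five of the page's rows, in the page's column order.
# The CVE-2020-9015 description contains a literal pipe, escaped as \| so the
# Markdown cell is not split in two.
SAMPLE_TABLE = """\
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0936 | Arista / EOS | Med | 0.42 | 6.5 | 0.00 |  | May 7, 2025 | gNOI File TransferToRemote credentials may be logged |
| CVE-2018-5255 | Arista / EOS | Med | 0.42 | 6.5 | 0.01 |  | Mar 5, 2018 | Mlag agent denial of service via crafted UDP packets |
| CVE-2020-9015 | Arista / EOS |  | 0.09 | — | 0.16 |  | Feb 20, 2020 | TACACS+ shell restriction bypass via a \\| character |
| CVE-2015-3209 | Arista / EOS |  | 0.01 | — | 0.10 |  | Jun 15, 2015 | Heap-based buffer overflow in the QEMU PCNET controller |
| CVE-2023-3646 | Arista / EOS |  | 0.00 | — | 0.01 |  | Aug 29, 2023 | Mirroring to multiple destinations may trigger a kernel panic |
"""

# Assumed policy threshold: EPSS is a 30-day exploitation probability, and
# 0.10 is a common triage cut-off for "treat as likely to be exploited".
EPSS_ACTIONABLE = 0.10


@dataclass
class CveRow:
    cve: str
    cvss: Optional[float]   # None when the table shows "—" (no score assigned)
    epss: float
    kev: bool
    published: str
    description: str


def split_row(line: str) -> List[str]:
    """Split one Markdown table row on pipes, honouring backslash-escaped pipes."""
    line = line.strip()
    if line.startswith("|"):
        line = line[1:]
    if line.endswith("|") and not line.endswith("\\|"):
        line = line[:-1]
    cells, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "|":
            cells.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    cells.append("".join(cur).strip())
    return cells


def parse_score(cell: str) -> Optional[float]:
    """'—' or an empty cell means no score; anything else must be numeric."""
    return None if cell in ("", "—", "-") else float(cell)


def parse_table(text: str) -> List[CveRow]:
    """Locate columns by header name, then read each data row after the separator."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    col = {name: i for i, name in enumerate(split_row(lines[0]))}
    rows = []
    for ln in lines[2:]:                      # lines[1] is the |---| separator
        cells = split_row(ln)
        rows.append(CveRow(
            cve=cells[col["CVE"]],
            cvss=parse_score(cells[col["CVSS"]]),
            epss=parse_score(cells[col["EPSS"]]) or 0.0,
            kev=cells[col["KEV"]].lower() in ("yes", "true", "y", "x"),
            published=cells[col["Published"]],
            description=cells[col["Description"]],
        ))
    return rows


def triage_key(r: CveRow):
    """Rank: KEV, then EPSS at/above threshold, then CVSS, then raw EPSS.
    An unscored CVSS sorts as -1 so it never outranks a scored entry in its tier."""
    cvss = r.cvss if r.cvss is not None else -1.0
    return (r.kev, r.epss >= EPSS_ACTIONABLE, cvss, r.epss)


def prioritize(rows: List[CveRow]) -> List[CveRow]:
    return sorted(rows, key=triage_key, reverse=True)


def unscored_but_active(rows: List[CveRow]) -> List[CveRow]:
    """Entries with no CVSS score but EPSS at/above threshold: the ones a
    CVSS-driven Risk column under-ranks."""
    return [r for r in rows if r.cvss is None and r.epss >= EPSS_ACTIONABLE]


if __name__ == "__main__":
    for r in prioritize(parse_table(SAMPLE_TABLE)):
        print(f"{r.cve:15} cvss={r.cvss!s:>5} epss={r.epss:.2f} kev={r.kev}  {r.description}")
```

Under this policy CVE-2020-9015 and CVE-2015-3209 move to the top of the sample, ahead of both CVSS 6.5 entries; the page's Risk column puts them last. Whichever ordering you adopt, the point is to make the policy explicit rather than inherit one from a column whose formula is not stated.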
Page 2 of 4