Arista
Products
44- 63 CVEs
- 10 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- View all 44 products →
Recent CVEs
113| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Cri | 0.87 | 9.8 | 1.00 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by… | |
| CVE-2014-6271 | Cri | 0.87 | 9.8 | 1.00 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,… | |
| CVE-2017-14491 | Cri | 0.73 | 9.8 | 0.85 | Oct 4, 2017 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | ||
| CVE-2025-0505 | Cri | 0.65 | 10.0 | 0.01 | May 8, 2025 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under… | ||
| CVE-2024-11186 | Cri | 0.65 | 10.0 | 0.01 | May 8, 2025 | On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact… | ||
| CVE-2024-6387 | Hig | 0.64 | 8.1 | 1.00 | Jul 1, 2024 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time… | ||
| CVE-2024-27892 | Cri | 0.62 | 9.6 | 0.00 | Jun 4, 2026 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||
| CVE-2024-27890 | Cri | 0.62 | 9.6 | 0.04 | Jun 4, 2026 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||
| CVE-2026-31431 | Hig | 0.59 | 7.8 | 0.97 | KEV | Apr 22, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the… | |
| CVE-2024-12378 | Cri | 0.59 | 9.1 | 0.00 | May 8, 2025 | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. | ||
| CVE-2025-1260 | Cri | 0.59 | 9.1 | 0.00 | Mar 4, 2025 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch. | ||
| CVE-2024-8100 | Hig | 0.57 | 8.7 | 0.01 | May 8, 2025 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. | ||
| CVE-2016-9012 | Hig | 0.57 | 8.8 | 0.01 | Jan 23, 2017 | CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. | ||
| CVE-2024-4578 | Hig | 0.55 | 8.4 | 0.00 | Jun 27, 2024 | This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require… | ||
| CVE-2025-5088 | Hig | 0.54 | 8.3 | 0.00 | Jun 5, 2026 | An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication,… | ||
| CVE-2025-54545 | Hig | 0.51 | 7.8 | 0.00 | Oct 29, 2025 | On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges. | ||
| CVE-2026-7473 | Med | 0.50 | 5.8 | 0.01 | KEV | Jun 5, 2026 | On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other… | |
| CVE-2025-1259 | Hig | 0.50 | 7.7 | 0.00 | Mar 4, 2025 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available | ||
| CVE-2025-8873 | Hig | 0.49 | 7.5 | 0.00 | Jun 4, 2026 | On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not… | ||
| CVE-2025-6980 | Hig | 0.49 | 7.5 | 0.00 | Oct 23, 2025 | Captive Portal can expose sensitive information |
- risk 0.87cvss 9.8epss 1.00
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…
- risk 0.87cvss 9.8epss 1.00
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…
- risk 0.73cvss 9.8epss 0.85
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
- risk 0.65cvss 10.0epss 0.01
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under…
- risk 0.65cvss 10.0epss 0.01
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact…
- risk 0.64cvss 8.1epss 1.00
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…
- risk 0.62cvss 9.6epss 0.00
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
- risk 0.62cvss 9.6epss 0.04
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
- risk 0.59cvss 7.8epss 0.97
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…
- risk 0.59cvss 9.1epss 0.00
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
- risk 0.59cvss 9.1epss 0.00
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
- risk 0.57cvss 8.7epss 0.01
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
- risk 0.57cvss 8.8epss 0.01
CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.
- risk 0.55cvss 8.4epss 0.00
This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require…
- risk 0.54cvss 8.3epss 0.00
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication,…
- risk 0.51cvss 7.8epss 0.00
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
- risk 0.50cvss 5.8epss 0.01
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other…
- risk 0.50cvss 7.7epss 0.00
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available
- risk 0.49cvss 7.5epss 0.00
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not…
- risk 0.49cvss 7.5epss 0.00
Captive Portal can expose sensitive information