VYPR: Vendor CVEs

Arista: All CVEs

113 total · sorted by risk
  • CVE-2014-7169 · Critical · KEV · Sep 25, 2014
    risk 0.87 · CVSS 9.8 · EPSS 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271 · Critical · KEV · Sep 24, 2014
    risk 0.87 · CVSS 9.8 · EPSS 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2017-14491 · Critical · Oct 4, 2017
    risk 0.73 · CVSS 9.8 · EPSS 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2025-0505 · Critical · May 8, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under…

  • CVE-2024-11186 · Critical · May 8, 2025
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact…

  • CVE-2024-6387 · High · Jul 1, 2024
    risk 0.64 · CVSS 8.1 · EPSS 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2024-27892 · Critical · Jun 4, 2026
    risk 0.62 · CVSS 9.6 · EPSS 0.00

    On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

  • CVE-2024-27890 · Critical · Jun 4, 2026
    risk 0.62 · CVSS 9.6 · EPSS 0.04

    On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

  • CVE-2026-31431 · High · KEV · Apr 22, 2026
    risk 0.59 · CVSS 7.8 · EPSS 0.97

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the…

  • CVE-2024-12378 · Critical · May 8, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

  • CVE-2025-1260 · Critical · Mar 4, 2025
    risk 0.59 · CVSS 9.1 · EPSS 0.00

    On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.

  • CVE-2024-8100 · High · May 8, 2025
    risk 0.57 · CVSS 8.7 · EPSS 0.01

    On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

  • CVE-2016-9012 · High · Jan 23, 2017
    risk 0.57 · CVSS 8.8 · EPSS 0.01

    CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

  • CVE-2024-4578 · High · Jun 27, 2024
    risk 0.55 · CVSS 8.4 · EPSS 0.00

    This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require…

  • CVE-2025-5088 · High · Jun 5, 2026
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication,…

  • CVE-2025-54545 · High · Oct 29, 2025
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

  • CVE-2026-7473 · Medium · KEV · Jun 5, 2026
    risk 0.50 · CVSS 5.8 · EPSS 0.01

    On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other…

  • CVE-2025-1259 · High · Mar 4, 2025
    risk 0.50 · CVSS 7.7 · EPSS 0.00

    On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available.

  • CVE-2025-8873 · High · Jun 4, 2026
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not…

  • CVE-2025-6980 · High · Oct 23, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    Captive Portal can expose sensitive information

  • CVE-2025-6188 · High · Aug 25, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of…

  • CVE-2024-9448 · High · May 8, 2025
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be…

  • CVE-2018-5254 · High · Apr 12, 2018
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.

  • CVE-2016-6894 · High · Jan 4, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.

  • CVE-2015-6855 · High · Nov 6, 2015
    risk 0.49 · CVSS 7.5 · EPSS 0.04

    hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty…

  • CVE-2025-5090 · Medium · Jun 5, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a…

  • CVE-2025-5089 · Medium · Jun 5, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either…

  • CVE-2024-6858 · Medium · Jun 4, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.

  • CVE-2025-8872 · Medium · Dec 16, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue…

  • CVE-2024-11185 · Medium · May 27, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.

  • CVE-2025-0936 · Medium · May 7, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote…

  • CVE-2024-5872 · Medium · Jan 10, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.

  • CVE-2020-26144 · Medium · May 11, 2021
    risk 0.42 · CVSS 6.5 · EPSS 0.05

    An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject…

  • CVE-2020-26143 · Medium · May 11, 2021
    risk 0.42 · CVSS 6.5 · EPSS 0.04

    An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network…

  • CVE-2020-26140 · Medium · May 11, 2021
    risk 0.42 · CVSS 6.5 · EPSS 0.03

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

  • CVE-2018-5255 · Medium · Mar 5, 2018
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.

  • CVE-2026-25623 · Medium · Jun 5, 2026
    risk 0.39 · CVSS 6.0 · EPSS 0.06

    An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing…

  • CVE-2026-25622 · Medium · Jun 5, 2026
    risk 0.39 · CVSS 6.0 · EPSS 0.10

    A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute…

  • CVE-2026-25621 · Medium · Jun 5, 2026
    risk 0.39 · CVSS 6.0 · EPSS 0.00

    A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

  • CVE-2026-25620 · Medium · Jun 5, 2026
    risk 0.39 · CVSS 6.0 · EPSS 0.10

    An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

  • CVE-2026-2379 · Medium · Jun 5, 2026
    risk 0.38 · CVSS 5.9 · EPSS 0.00

    On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security…

  • CVE-2023-5502 · Medium · Jun 4, 2026
    risk 0.38 · CVSS 5.9 · EPSS 0.00

    On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.

  • CVE-2024-6437 · Medium · Jan 10, 2025
    risk 0.38 · CVSS 5.8 · EPSS 0.00

    On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's…

  • CVE-2026-25624 · Medium · Jun 5, 2026
    risk 0.37 · CVSS 5.7 · EPSS 0.00

    An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating…

  • CVE-2020-26147 · Medium · May 11, 2021
    risk 0.35 · CVSS 5.4 · EPSS 0.08

    An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends…

  • CVE-2020-26139 · Medium · May 11, 2021
    risk 0.35 · CVSS 5.3 · EPSS 0.06

    An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against…

  • CVE-2024-27891 · Medium · Jun 4, 2026
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.

  • CVE-2025-2796 · Medium · May 27, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay…

  • CVE-2024-9135 · Medium · Mar 4, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

  • CVE-2024-8000 · Medium · Mar 4, 2025
    risk 0.34 · CVSS 5.3 · EPSS 0.00

    On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants…

Page 1 of 3