Arista

All CVEs

113 total · sorted by risk
  • CVE-2020-15897 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.01

    Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

  • CVE-2020-13100 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.01

    Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

  • CVE-2020-17355 · Oct 21, 2020
    risk 0.00 · cvss · epss 0.01

    Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.

  • CVE-2020-24333 · Sep 22, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.

  • CVE-2020-11622 · Jun 10, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1,…

  • CVE-2019-18948 · Apr 16, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the…

  • CVE-2019-18181 · Dec 19, 2019
    risk 0.00 · cvss · epss 0.00

    In CloudVision Portal, all releases in the 2018.1 and 2018.2 Code train allow users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated…

  • CVE-2019-18615 · Dec 19, 2019
    risk 0.00 · cvss · epss 0.00

    In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable…

  • CVE-2019-14810 · Oct 10, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on…

  • CVE-2018-12357 · Aug 15, 2019
    risk 0.00 · cvss · epss 0.01

    Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.

  • CVE-2018-14008 · Aug 15, 2019
    risk 0.00 · cvss · epss 0.01

    Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.

  • CVE-2015-8236 · Nov 19, 2015
    risk 0.00 · cvss · epss 0.04

    Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

  • CVE-2015-3214 · Aug 31, 2015
    risk 0.00 · cvss · epss 0.02

    The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
