Vendor CVEs
Arista
All CVEs
113 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15897 | 0.00 | — | 0.01 | Oct 26, 2020 | Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router. | |||
| CVE-2020-13100 | 0.00 | — | 0.01 | Oct 26, 2020 | Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet. | |||
| CVE-2020-17355 | 0.00 | — | 0.01 | Oct 21, 2020 | Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. | |||
| CVE-2020-24333 | 0.00 | — | 0.01 | Sep 22, 2020 | A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | |||
| CVE-2020-11622 | 0.00 | — | 0.01 | Jun 10, 2020 | A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1,… | |||
| CVE-2019-18948 | 0.00 | — | 0.01 | Apr 16, 2020 | An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the… | |||
| CVE-2019-18181 | 0.00 | — | 0.00 | Dec 19, 2019 | In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated… | |||
| CVE-2019-18615 | 0.00 | — | 0.00 | Dec 19, 2019 | In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable… | |||
| CVE-2019-14810 | 0.00 | — | 0.01 | Oct 10, 2019 | A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on… | |||
| CVE-2018-12357 | 0.00 | — | 0.01 | Aug 15, 2019 | Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. | |||
| CVE-2018-14008 | 0.00 | — | 0.01 | Aug 15, 2019 | Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | |||
| CVE-2015-8236 | 0.00 | — | 0.04 | Nov 19, 2015 | Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. | |||
| CVE-2015-3214 | 0.00 | — | 0.02 | Aug 31, 2015 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. |
- CVE-2020-15897Oct 26, 2020risk 0.00cvss —epss 0.01
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.
- CVE-2020-13100Oct 26, 2020risk 0.00cvss —epss 0.01
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
- CVE-2020-17355Oct 21, 2020risk 0.00cvss —epss 0.01
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.
- CVE-2020-24333Sep 22, 2020risk 0.00cvss —epss 0.01
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
- CVE-2020-11622Jun 10, 2020risk 0.00cvss —epss 0.01
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1,…
- CVE-2019-18948Apr 16, 2020risk 0.00cvss —epss 0.01
An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the…
- CVE-2019-18181Dec 19, 2019risk 0.00cvss —epss 0.00
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated…
- CVE-2019-18615Dec 19, 2019risk 0.00cvss —epss 0.00
In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable…
- CVE-2019-14810Oct 10, 2019risk 0.00cvss —epss 0.01
A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer potentially allowing the possibility of a Denial of Service (DoS) attack on…
- CVE-2018-12357Aug 15, 2019risk 0.00cvss —epss 0.01
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
- CVE-2018-14008Aug 15, 2019risk 0.00cvss —epss 0.01
Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.
- CVE-2015-8236Nov 19, 2015risk 0.00cvss —epss 0.04
Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.
- CVE-2015-3214Aug 31, 2015risk 0.00cvss —epss 0.02
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Page 3 of 3