Search criteria
69 vulnerabilities
CVE-2025-8870 (GCVE-0-2025-8870)
Vulnerability from cvelistv5 – Published: 2025-11-14 15:57 – Updated: 2025-11-14 16:29
VLAI?
Summary
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153
Severity ?
4.9 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.2FX
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8870",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T16:28:58.202689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:29:13.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710X Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.2FX",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevice must be using the Synopsys Designware serial model:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#bash dmesg | grep \"Synopsys DesignWare\"\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSynopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\n\n\n * An attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\n\n\nAND\n\n * Device must be using the Synopsys Designware serial model:\n\n\n\n#bash dmesg | grep \"Synopsys DesignWare\"\n\n[ \u00a0 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare\n\n[ \u00a0 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:eos:4.34.2fx:*:710x_series:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-11-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:57:04.673Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22811-security-advisory-0125"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2025-8870 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.35.0F and later releases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2025-8870 has been fixed in the following releases:\n\n * 4.35.0F and later releases"
}
],
"source": {
"defect": [
"1206724"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe mitigation is to limit access to the serial console.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The mitigation is to limit access to the serial console."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8870",
"datePublished": "2025-11-14T15:57:04.673Z",
"dateReserved": "2025-08-11T18:15:44.614Z",
"dateUpdated": "2025-11-14T16:29:13.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54549 (GCVE-0-2025-54549)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:55 – Updated: 2025-10-30 14:12
VLAI?
Summary
Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Severity ?
5.9 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:12:50.353170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:12:59.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe operator must attempt to install a tampered software upgrade image.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The operator must attempt to install a tampered software upgrade image."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO"
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:55:54.433Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1121566",
"BSC-20815"
],
"discovery": "INTERNAL"
},
"title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA downloaded upgrade image can be manually checked against the hash values published on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/software-download\"\u003earista.com\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf the published hash values do not match those of the image this is a potential indicator of compromise.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A downloaded upgrade image can be manually checked against the hash values published on arista.com https://www.arista.com/support/software-download .\nIf the published hash values do not match those of the image this is a potential indicator of compromise."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54549",
"datePublished": "2025-10-29T22:55:54.433Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:12:59.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54548 (GCVE-0-2025-54548)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:52 – Updated: 2025-10-30 14:15
VLAI?
Summary
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54548",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:13:10.416471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:49.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)"
}
],
"impacts": [
{
"capecId": "CAPEC-36",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-36 Using Unpublished Interfaces or Functionality"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:52:54.039Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1082430",
"BSC-20741"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any restricted users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any restricted users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54548",
"datePublished": "2025-10-29T22:52:54.039Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:49.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54547 (GCVE-0-2025-54547)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:45 – Updated: 2025-10-30 14:15
VLAI?
Summary
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Severity ?
5.3 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:13:17.500900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:29.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: The connecting SSH client must be configured to allow multiple sessions to be multiplexed onto the same SSH Connection (e.g., via the OpenSSH \u003c/span\u003e\u003cb\u003eControlMaster auto\u003c/b\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;configuration or other equivalent configurations); The ControlMaster connection must be active; The attacker must have access to the ControlMaster socket on the client.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: The connecting SSH client must be configured to allow multiple sessions to be multiplexed onto the same SSH Connection (e.g., via the OpenSSH ControlMaster auto\u00a0configuration or other equivalent configurations); The ControlMaster connection must be active; The attacker must have access to the ControlMaster socket on the client."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired"
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:45:53.499Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084527",
"BSC-20748"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo known mitigation \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No known mitigation"
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54547",
"datePublished": "2025-10-29T22:45:53.499Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:29.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54546 (GCVE-0-2025-54546)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:40 – Updated: 2025-10-30 14:15
VLAI?
Summary
On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Severity ?
7.5 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54546",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:14:21.419821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:15:10.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, restricted users could use SSH port forwarding to access host-internal services\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:40:57.833Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084523"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any restricted users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any restricted users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54546",
"datePublished": "2025-10-29T22:40:57.833Z",
"dateReserved": "2025-07-24T18:47:24.387Z",
"dateUpdated": "2025-10-30T14:15:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54545 (GCVE-0-2025-54545)
Vulnerability from cvelistv5 – Published: 2025-10-29 22:36 – Updated: 2025-10-30 14:14
VLAI?
Summary
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Severity ?
7.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | DANZ Monitoring Fabric |
Affected:
0
(custom)
Affected: 0 , ≤ DMF 8.6.1 (custom) Affected: 0 , ≤ DMF 8.5.2 (custom) Affected: 0 , ≤ CCF 6.2.4 (custom) Affected: 0 , ≤ CVA 7.0 (custom) Affected: 0 , ≤ MCD 2.4.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:14:29.376193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:14:49.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"DCA-350E-CV",
"DCA-300-CV",
"DCA-250-CV",
"DCA-200-CV",
"Arista Converged Cloud Fabric",
"Arista DANZ Monitoring Fabric",
"Arista Multi-Cloud Director"
],
"product": "DANZ Monitoring Fabric",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.6.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "DMF 8.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CCF 6.2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "CVA 7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "MCD 2.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS)."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.6.1",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "dmf_8.5.2",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "ccf_6.2.4",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "cva_7.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*",
"versionEndIncluding": "mcd_2.4.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-10-22T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "capec-233"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T22:36:24.379Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eDanz Monitoring Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eDMF 8.7.1 and later releases in the 8.7.x train\u003c/li\u003e\u003cli\u003eDMF 8.6.2 and later releases in the 8.6.x train\u003c/li\u003e\u003cli\u003eDMF 8.5.3 and later releases in the 8.5.x train\u003c/li\u003e\u003cli\u003eDMF 8.4.6 and later releases in the 8.4.x train.\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eConverged Cloud Fabric\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCCF 6.2.5 and later releases in the 6.2.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eCloud Vision Appliance\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eCVA 7.1.0 and later releases in the CVA 7.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e\u003cb\u003eMulti-Cloud Director\u003c/b\u003e\u003c/div\u003e\u003col\u003e\u003col\u003e\u003cul\u003e\u003cli\u003eMCD 2.4.1 and later releases in the 2.4.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ol\u003e\u003c/ol\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"
}
],
"source": {
"advisory": "124",
"defect": [
"BUG1084524",
"BSC-20739"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable any non-administrator users until an upgraded version can be installed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable any non-administrator users until an upgraded version can be installed."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-54545",
"datePublished": "2025-10-29T22:36:24.379Z",
"dateReserved": "2025-07-24T18:47:24.386Z",
"dateUpdated": "2025-10-30T14:14:49.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6978 (GCVE-0-2025-6978)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:50 – Updated: 2025-10-23 18:58
VLAI?
Summary
Diagnostics command injection vulnerability
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Credits
Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:58:35.986380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:58:45.528Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e\u003c/h4\u003e\u003ch4\u003eCVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability\u003c/h4\u003e\u003cp\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA successful attack requires administrative access to the NGFW UI.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDiagnostics command injection vulnerability\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Diagnostics command injection vulnerability"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:50:14.706Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15195"
],
"discovery": "EXTERNAL"
},
"title": "Diagnostics command injection vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e\u003c/h4\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDo not allow non-authorized administrative access or access to the administrative browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Do not allow non-authorized administrative access or access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6978",
"datePublished": "2025-10-23T18:50:14.706Z",
"dateReserved": "2025-07-01T16:52:56.316Z",
"dateUpdated": "2025-10-23T18:58:45.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6979 (GCVE-0-2025-6979)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:46 – Updated: 2025-10-23 18:59
VLAI?
Summary
Captive Portal can allow authentication bypass
Severity ?
8.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Credits
Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6979
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:59:26.677141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:59:32.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eCVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eNo evidence of compromise exists.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6979"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCaptive Portal can allow authentication bypass\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Captive Portal can allow authentication bypass"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:46:37.557Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15196"
],
"discovery": "EXTERNAL"
},
"title": "Captive Portal can allow authentication bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "MitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6979",
"datePublished": "2025-10-23T18:46:37.557Z",
"dateReserved": "2025-07-01T16:53:03.559Z",
"dateUpdated": "2025-10-23T18:59:32.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6980 (GCVE-0-2025-6980)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:41 – Updated: 2025-10-23 18:59
VLAI?
Summary
Captive Portal can expose sensitive information
Severity ?
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management - Arista Next Generation Firewall |
Affected:
0.0 , ≤ 17.3.1
(custom)
|
Credits
Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T18:59:53.166328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:59:58.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management - Arista Next Generation Firewall",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.3.1",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003e1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive information\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003cp\u003eThe above shows Captive Portal as enabled.\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cdiv\u003eNo evidence of compromise exists.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003e2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass\u003c/h4\u003e\u003cdiv\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eIf the Captive Portal application is installed and enabled, the systems are vulnerable.\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/li\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"\u003e\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eNo evidence of compromise exists.\u003c/p\u003e\u003ch4\u003eMitigation\u003c/h4\u003e\u003cp\u003eDisable Captive Portal.\u003c/p\u003e\u003cdiv\u003eAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\u003c/div\u003e\u003col\u003e\u003cli\u003eIf the Captive Portal application is not installed, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eIf Captive Portal is not enabled, the system is not vulnerable.\u003c/li\u003e\u003cli\u003eMove the Enabled slider to disabled.\u003c/li\u003e\u003cli\u003eClick Save\u003c/li\u003e\u003cli\u003eDisable Captive Portal.\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cimg alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"\u003e\u003c/p\u003e\u003ch4\u003e3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability\u003c/h4\u003e\u003cp\u003e\u003cb\u003eRequired Configuration for Exploitation\u003c/b\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eA successful attack requires administrative access to the NGFW UI.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive informationRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nThe above shows Captive Portal as enabled.\n\nIndicators of CompromiseNo evidence of compromise exists.\n\n\u00a0\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n\u00a0\n\n2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists.\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*",
"versionEndIncluding": "17.3.1",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980"
}
],
"datePublic": "2025-10-21T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCaptive Portal can expose sensitive information\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Captive Portal can expose sensitive information"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:41:47.326Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to the version indicated below at your earliest convenience.\u003c/p\u003e\u003cul\u003e\u003cli\u003e17.4 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"
}
],
"source": {
"advisory": "123",
"defect": [
"NGFW-15197"
],
"discovery": "EXTERNAL"
},
"title": "Captive Portal can expose sensitive information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDo not allow non-authorized administrative access or access to the administrative browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Do not allow non-authorized administrative access or access to the administrative browser."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6980",
"datePublished": "2025-10-23T18:41:47.326Z",
"dateReserved": "2025-07-01T16:53:05.372Z",
"dateUpdated": "2025-10-23T18:59:58.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6188 (GCVE-0-2025-6188)
Vulnerability from cvelistv5 – Published: 2025-08-25 20:14 – Updated: 2025-08-27 14:53
VLAI?
Summary
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
Severity ?
7.5 (High)
CWE
- 288
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1F
(custom)
Affected: 4.33.1.0 , ≤ 4.33.1.2F (custom) Affected: 4.32.4.0 , ≤ 4.32.4.1M (custom) Affected: 4.31.0 , ≤ 4.31.6M (custom) Affected: 4.30.0 , ≤ 4.30.9.1M (custom) |
Credits
This issue was discovered externally and responsibly reported to Arista by Chris Laffin of automattic.com.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T19:56:57.303610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:53:30.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.1.2F",
"status": "affected",
"version": "4.33.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.4.1M",
"status": "affected",
"version": "4.32.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9.1M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEOS devices are vulnerable to CVE-2025-6188 by default, and no specific configuration is necessary.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "EOS devices are vulnerable to CVE-2025-6188 by default, and no specific configuration is necessary."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This issue was discovered externally and responsibly reported to Arista by Chris Laffin of automattic.com."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-486",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-486 UDP Flood"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:14:23.427Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22021-security-advisory-0121"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-6188 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.0 and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.5 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.10 and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-6188 has been fixed in the following releases:\n\n * 4.34.0 and later releases in the 4.34.x train\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.5 and later releases in the 4.32.x train\n * 4.31.7 and later releases in the 4.31.x train\n * 4.30.10 and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "121",
"defect": [
"BUG 1008073"
],
"discovery": "EXTERNAL"
},
"title": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503.\u003c/p\u003e\u003cpre\u003eSwitch(config)#system control-plane\nSwitch(config-cp)#ip access-group my-custom-acl \n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor EOS versions more recent than 4.22.0, an \u2018mpls ping\u2019 service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL.\u003c/p\u003e\u003cp\u003eTake the following example, where the user applies service ACL \u2018Foo\u2019 that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else.\u003c/p\u003e\u003cpre\u003eSwitch(config)#ip access-list Foo\nSwitch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any\nSwitch(config-acl-foo)#deny udp any eq lsp-ping any\n \nSwitch(config)#mpls ping\nSwitch(config-mpls-ping)#ip access-group foo in\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists.\u003c/p\u003e"
}
],
"value": "For EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503.\n\nSwitch(config)#system control-plane\nSwitch(config-cp)#ip access-group my-custom-acl \n\n\n\u00a0\n\nFor EOS versions more recent than 4.22.0, an \u2018mpls ping\u2019 service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL.\n\nTake the following example, where the user applies service ACL \u2018Foo\u2019 that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else.\n\nSwitch(config)#ip access-list Foo\nSwitch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any\nSwitch(config-acl-foo)#deny udp any eq lsp-ping any\n \nSwitch(config)#mpls ping\nSwitch(config-mpls-ping)#ip access-group foo in\n\n\n\u00a0\n\nIf MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-6188",
"datePublished": "2025-08-25T20:14:23.427Z",
"dateReserved": "2025-06-16T20:34:33.402Z",
"dateUpdated": "2025-08-27T14:53:30.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3456 (GCVE-0-2025-3456)
Vulnerability from cvelistv5 – Published: 2025-08-25 20:02 – Updated: 2025-08-25 20:31
VLAI?
Summary
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.34.0F
(custom)
Affected: 4.33.0 , ≤ 4.33.3F (custom) Affected: 4.32.0 , ≤ 4.32.5M (custom) Affected: 4.31.0 , ≤ 4.31.7M (custom) Affected: 4.30.0 , ≤ 4.30.10M (custom) Affected: 4.29.0 , ≤ 4.29.10M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:31:37.034026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:31:54.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.3F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.5M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.7M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.10M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.10M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-3456, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe global custom encryption key must be configured:\u003c/p\u003e\u003cpre\u003eswitch#show running-config | sect management security\nmanagement security\n\u0026nbsp; \u0026nbsp;password encryption-key common custom \u0026lt;key\u0026gt;\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-3456, the following condition must be met:\n\nThe global custom encryption key must be configured:\n\nswitch#show running-config | sect management security\nmanagement security\n\u00a0 \u00a0password encryption-key common custom \u003ckey\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."
}
],
"impacts": [
{
"capecId": "CAPEC-545",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-545: Pull Data from System Resources"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:02:48.722Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-3456 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.1F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.4M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.6M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.8M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2025-3456 has been fixed in the following releases:\n\n * 4.34.1F and later releases in the 4.34.x train\n * 4.33.4M and later releases in the 4.33.x train\n * 4.32.6M and later releases in the 4.32.x train\n * 4.31.8M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "122",
"defect": [
"BUG1114420"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-3456",
"datePublished": "2025-08-25T20:02:48.722Z",
"dateReserved": "2025-04-08T21:38:05.413Z",
"dateUpdated": "2025-08-25T20:31:54.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2826 (GCVE-0-2025-2826)
Vulnerability from cvelistv5 – Published: 2025-05-27 22:22 – Updated: 2025-05-28 13:34
VLAI?
Summary
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
* Packets which should be permitted may be dropped and,
* Packets which should be dropped may be permitted.
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.2F
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:33:59.901353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:08.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.2F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eIPV4 ACL ipv4ACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eMAC ACL macAcl\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et18/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et18/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n \n\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eStandard IPV6 ACL ipv6StandardACL\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 2\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: Et21/1\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActive on \u0026nbsp; \u0026nbsp; Ingress:\u003c/span\u003e Et21/1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show mac access-lists summary\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eor\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 27\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Configured on Ingress: control-plane(default VRF)\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Active on \u0026nbsp; \u0026nbsp; Ingress: control-plane(default VRF)\n\u003c/pre\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-2826, the following condition must be met: IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on more than one Ethernet interfaces or one or more LAG interfaces. The output of CLI show commands will look similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nIPV4 ACL ipv4ACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\nMAC ACL macAcl\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et18/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et18/1\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n \nStandard IPV6 ACL ipv6StandardACL\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 2\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: Et21/1\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: Et21/1\n\n\n\u00a0\n\nIf IPv4 Ingress ACL or MAC Ingress ACL or IPv6 standard Ingress ACL are not configured or are not active on any Ethernet interface or LAG interfaces there is no exposure to this issue and the CLI show command output have no active interfaces\u02dc listed, similar to the following:\n\nswitch\u003e show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)\n\n\n\u00a0\n\nor\n\nswitch\u003eshow mac access-lists summary\n\n\n\u00a0\n\nor\n\nswitch\u003eshow ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 27\n\u00a0 \u00a0 \u00a0 \u00a0 Configured on Ingress: control-plane(default VRF)\n\u00a0 \u00a0 \u00a0 \u00a0 Active on \u00a0 \u00a0 Ingress: control-plane(default VRF)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003en affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\u003c/p\u003e\u003col\u003e\u003cli\u003ePackets which should be permitted may be dropped and,\u003c/li\u003e\u003cli\u003ePackets which should be dropped may be permitted.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:\n\n * Packets which should be permitted may be dropped and,\n * Packets which should be dropped may be permitted."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:22:51.717Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-2826 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2.1F, 4.33.3F and later releases in the 4.33.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-2826 has been fixed in the following releases:\n\n * 4.33.2.1F, 4.33.3F and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA120",
"defect": [
"BUG 795398"
],
"discovery": "INTERNAL"
},
"title": "n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No workaround is available. Ingress ACLs may be applied as egress, if resources permit and the policy is applicable."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-2826",
"datePublished": "2025-05-27T22:22:51.717Z",
"dateReserved": "2025-03-26T16:02:22.894Z",
"dateUpdated": "2025-05-28T13:34:08.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2796 (GCVE-0-2025-2796)
Vulnerability from cvelistv5 – Published: 2025-05-27 22:16 – Updated: 2025-05-28 13:34
VLAI?
Summary
On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.
Note: this issue does not affect VXLANSec or MACSec encryption functionality.
Severity ?
5.3 (Medium)
CWE
- cwe-284
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.2F
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:34:22.951770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:30.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.2F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-2796, the following condition must be met:\u003c/p\u003e\u003cp\u003e\u003cb\u003eanti-replay detection\u003c/b\u003e\u0026nbsp;must be configured in IPSec SA Policy:\u003c/p\u003e\u003cpre\u003eswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# anti-replay detection\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-2796, the following condition must be met:\n\nanti-replay detection\u00a0must be configured in IPSec SA Policy:\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# anti-replay detection"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.\u003c/p\u003e\u003cp\u003eNote: this issue does not affect VXLANSec or MACSec encryption functionality.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability.\n\nNote: this issue does not affect VXLANSec or MACSec encryption functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:16:53.489Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21413-security-advisory-0119"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-2796 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.3M and later releases in the 4.33.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-2796 has been fixed in the following releases:\n\n * 4.33.3M and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA119",
"defect": [
"BUG1073719"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no known mitigation for CVE-2025-2796. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no known mitigation for CVE-2025-2796. The recommended resolution is to upgrade to a remediated software version at your earliest convenience."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-2796",
"datePublished": "2025-05-27T22:16:53.489Z",
"dateReserved": "2025-03-25T16:27:53.397Z",
"dateUpdated": "2025-05-28T13:34:30.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11185 (GCVE-0-2024-11185)
Vulnerability from cvelistv5 – Published: 2025-05-27 22:11 – Updated: 2025-05-28 13:34
VLAI?
Summary
On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.
Severity ?
6.5 (Medium)
CWE
- cwe-1189
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.29.0 , ≤ 4.29.10M
(custom)
Affected: 4.30.0 , ≤ 4.30.9M (custom) Affected: 4.31.0 , ≤ 4.31.6M (custom) Affected: 4.32.0 , ≤ 4.32.3M (custom) Affected: 4.33.0 , ≤ 4.33.1F (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T13:34:42.414290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:34:52.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.29.10M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.1F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2024-11185, the following condition must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIPV4 or IPV6 routing must be enabled. :\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(183, 183, 183);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003ewitch\u0026gt;show vrf\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003eMaximum number of VRFs allowed: 1023\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;VRF \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Protocols \u0026nbsp; \u0026nbsp; \u0026nbsp; State \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Interfaces\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e------------- --------------- ---------------- ----------\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;default \u0026nbsp; \u0026nbsp; \u0026nbsp; IPv4 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; routing \u0026nbsp; Ma1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp; \u0026nbsp;default \u0026nbsp; \u0026nbsp; \u0026nbsp; IPv6 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; routing \u0026nbsp; Ma1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(204, 204, 204);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(183, 183, 183);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-11185, the following condition must be met:\n\n\nIPV4 or IPV6 routing must be enabled. :\n\nswitch\u003eshow vrf\n\nMaximum number of VRFs allowed: 1023\n\n\u00a0 \u00a0VRF \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Protocols \u00a0 \u00a0 \u00a0 State \u00a0 \u00a0 \u00a0 \u00a0 Interfaces\n\n------------- --------------- ---------------- ----------\n\n\u00a0 \u00a0default \u00a0 \u00a0 \u00a0 IPv4 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 routing \u00a0 Ma1 \u00a0 \u00a0 \u00a0 \n\n\u00a0 \u00a0default \u00a0 \u00a0 \u00a0 IPv6 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 routing \u00a0 Ma1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-1189",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T22:11:30.325Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/21411-security-advisory-0118"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2024-11185 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.30.10M and later releases in the 4.30.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.31.7M and later releases in the 4.31.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.32.5M and later releases in the 4.32.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.33.2F and later releases in the 4.33.x train\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2024-11185 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n\n\n * 4.31.7M and later releases in the 4.31.x train\n\n\n * 4.32.5M and later releases in the 4.32.x train\n\n\n * 4.33.2F and later releases in the 4.33.x train"
}
],
"source": {
"advisory": "SA118",
"defect": [
"BUG1009562"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, ingress traffic on Layer 2 ports may, under certain conditions, be improperly forwarded to ports associated with different VLANs, resulting in a breach of VLAN isolation and segmentation boundaries.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are no workarounds.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "There are no workarounds."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-11185",
"datePublished": "2025-05-27T22:11:30.325Z",
"dateReserved": "2024-11-13T17:02:27.536Z",
"dateUpdated": "2025-05-28T13:34:52.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9448 (GCVE-0-2024-9448)
Vulnerability from cvelistv5 – Published: 2025-05-08 19:14 – Updated: 2025-08-25 19:52
VLAI?
Summary
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
Severity ?
7.5 (High)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.0F
(custom)
Affected: 4.32.0 , ≤ 4.32.3M (custom) Affected: 4.31.0 , ≤ 4.31.5M (custom) Affected: 4.30.0 , ≤ 4.30.8M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:28:16.811276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:29:47.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EOS"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.0F",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9448, the following condition must be met:\u003c/p\u003e\u003cdiv\u003eA Traffic Policy must be configured:\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show traffic-policy vlan\nTraffic policy myPolicy\n\u0026nbsp; \u0026nbsp;Configured on VLANs: 42, 43\n\u0026nbsp; \u0026nbsp;Applied on VLANs for IPv4 traffic: 42, 43\n\u0026nbsp; \u0026nbsp;Applied on VLANs for IPv6 traffic: 42, 43\n\u0026nbsp; \u0026nbsp;Total number of rules configured: 4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match anIpv4Rule ipv4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActions: Drop\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match anIpv6Rule ipv6\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eActions: Drop\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match ipv4-all-default ipv4\n\u0026nbsp; \u0026nbsp; \u0026nbsp; match ipv6-all-default ipv6\u003c/pre\u003e\u003cdiv\u003eIf a Traffic Policy is not configured there is no exposure to this issue and the message will look something like:\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cpre\u003eswitch\u0026gt;show traffic-policy vlan \nswitch\u0026gt;\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9448, the following condition must be met:\n\nA Traffic Policy must be configured:\n\n\u00a0\n\nswitch\u003eshow traffic-policy vlan\nTraffic policy myPolicy\n\u00a0 \u00a0Configured on VLANs: 42, 43\n\u00a0 \u00a0Applied on VLANs for IPv4 traffic: 42, 43\n\u00a0 \u00a0Applied on VLANs for IPv6 traffic: 42, 43\n\u00a0 \u00a0Total number of rules configured: 4\n\u00a0 \u00a0 \u00a0 match anIpv4Rule ipv4\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Actions: Drop\n\u00a0 \u00a0 \u00a0 match anIpv6Rule ipv6\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0Actions: Drop\n\u00a0 \u00a0 \u00a0 match ipv4-all-default ipv4\n\u00a0 \u00a0 \u00a0 match ipv6-all-default ipv6\n\nIf a Traffic Policy is not configured there is no exposure to this issue and the message will look something like:\n\n\u00a0\n\nswitch\u003eshow traffic-policy vlan \nswitch\u003e"
}
],
"datePublic": "2025-03-11T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations."
}
],
"impacts": [
{
"capecId": "CAPEC-481",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-481 Contradictory Destinations in Traffic Routing Schemes"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:52:14.674Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/21121-security-advisory-0112"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2024-9448 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.1F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-9448 has been fixed in the following releases:\n\n * 4.33.1F and later releases in the 4.33.x train\n * 4.32.4M and later releases in the 4.32.x train\n * 4.31.6M and later releases in the 4.31.x train\n * 4.30.9M and later releases in the 4.30.x train"
}
],
"source": {
"advisory": "112",
"defect": [
"BUG 992963"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no mitigation other than to not use the Traffic Policy feature where it would be expected to match on receipt of untagged packets.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no mitigation other than to not use the Traffic Policy feature where it would be expected to match on receipt of untagged packets."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9448",
"datePublished": "2025-05-08T19:14:00.226Z",
"dateReserved": "2024-10-02T20:39:01.319Z",
"dateUpdated": "2025-08-25T19:52:14.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12378 (GCVE-0-2024-12378)
Vulnerability from cvelistv5 – Published: 2025-05-08 19:05 – Updated: 2025-05-08 19:18
VLAI?
Summary
On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
Severity ?
9.1 (Critical)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Affected:
4.32.0 , ≤ 4.32.2F
(custom)
Affected: 4.31.0 , ≤ 4.31.6M (custom) Affected: 4.30.0 , ≤ 4.30.8M (custom) Affected: 4.29.0 , ≤ 4.29.9M (custom) Affected: 4.28.0 , ≤ 4.28.12M (custom) Affected: 4.27.0 , ≤ 4.27.12M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:16:38.893940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:18:27.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.2F",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.6M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9M",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12M",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.12M",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-12378, the following condition must be met:\u003c/p\u003e\u003cp\u003eSecure Vxlan must be configured.\u003c/p\u003e\u003cp\u003eThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Source \u0026nbsp; \u0026nbsp; Dest \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Status \u0026nbsp; \u0026nbsp; \u0026nbsp; Uptime \u0026nbsp; \u0026nbsp; Input \u0026nbsp; \u0026nbsp;Output \u0026nbsp; \u0026nbsp; Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u0026nbsp; 1.0.2.1 \u0026nbsp; \u003cb\u003eEstablished\u003c/b\u003e\u0026nbsp; 19 minutes 0 bytes \u0026nbsp;152 bytes \u0026nbsp;24 minutes\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 0 pkts \u0026nbsp; \u0026nbsp;2 pkts\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eA normal encrypted connection will show the status as \u201cestablished\u201d.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-12378, the following condition must be met:\n\nSecure Vxlan must be configured.\n\nThe output of \u201cshow ip security connection\u201d is empty if Secure Vxlan isn\u2019t configured.\n\nswitch\u003e show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Source \u00a0 \u00a0 Dest \u00a0 \u00a0 \u00a0 \u00a0Status \u00a0 \u00a0 \u00a0 Uptime \u00a0 \u00a0 Input \u00a0 \u00a0Output \u00a0 \u00a0 Rekey Time\nvxlansec-default-1.0.2.1 1.0.1.1 \u00a0 1.0.2.1 \u00a0 Established\u00a0 19 minutes 0 bytes \u00a0152 bytes \u00a024 minutes\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 0 pkts \u00a0 \u00a02 pkts\n\n\n\u00a0\n\nA normal encrypted connection will show the status as \u201cestablished\u201d."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"value": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:05:22.320Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-12378 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0F and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.3M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10M and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2024-12378 has been fixed in the following releases:\n\n * 4.33.0F and later releases in the 4.33.x train\n * 4.32.3M and later releases in the 4.32.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.30.9M and later releases in the 4.30.x train\n * 4.29.10M and later releases in the 4.29.x train"
}
],
"source": {
"advisory": "113",
"defect": [
"BUG 997526"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to remove and re-apply security profiles for each secure VTEP.\u003c/p\u003e\u003cpre\u003eswitch\u0026gt; show vxlan security profile\nVTEP \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Security Profile\n------------- ----------------\n1.0.2.1 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; p1\nswitch\u0026gt; en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to remove and re-apply security profiles for each secure VTEP.\n\nswitch\u003e show vxlan security profile\nVTEP \u00a0 \u00a0 \u00a0 \u00a0 Security Profile\n------------- ----------------\n1.0.2.1 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 p1\nswitch\u003e en\nswitch# config\nswitch(config)# interface vxlan 1\nswitch(config-if-Vx1)# no vxlan vtep 1.0.2.1 ip security profile p1\nswitch(config-if-Vx1)# vxlan vtep 1.0.2.1 ip security profile p1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-12378",
"datePublished": "2025-05-08T19:05:22.320Z",
"dateReserved": "2024-12-09T18:19:27.219Z",
"dateUpdated": "2025-05-08T19:18:27.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11186 (GCVE-0-2024-11186)
Vulnerability from cvelistv5 – Published: 2025-05-08 18:47 – Updated: 2025-05-08 19:01
VLAI?
Summary
On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.
Severity ?
10 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Affected:
2024.3.0
Affected: 2024.2.0 , ≤ 2024.2.1 (custom) Affected: 2024.1.0 , ≤ 2024.1.2 (custom) Affected: 2023.3 Affected: 2023.2 Affected: 2023.1 Affected: 2022.3 Affected: 2022.2 Affected: 2022.1 Affected: 2021.3 Affected: 2021.2 Affected: 2021.1 Affected: 2020.3 Affected: 2020.2 Affected: 2020.1 Affected: 2019.1 Affected: 2018.2 Affected: 2018.1 Affected: 2017.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:00:51.701556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T19:01:23.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "2024.3.0"
},
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "2024.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2024.1.2",
"status": "affected",
"version": "2024.1.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2023.3"
},
{
"status": "affected",
"version": "2023.2"
},
{
"status": "affected",
"version": "2023.1"
},
{
"status": "affected",
"version": "2022.3"
},
{
"status": "affected",
"version": "2022.2"
},
{
"status": "affected",
"version": "2022.1"
},
{
"status": "affected",
"version": "2021.3"
},
{
"status": "affected",
"version": "2021.2"
},
{
"status": "affected",
"version": "2021.1"
},
{
"status": "affected",
"version": "2020.3"
},
{
"status": "affected",
"version": "2020.2"
},
{
"status": "affected",
"version": "2020.1"
},
{
"status": "affected",
"version": "2019.1"
},
{
"status": "affected",
"version": "2018.2"
},
{
"status": "affected",
"version": "2018.1"
},
{
"status": "affected",
"version": "2017.2"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn order to be vulnerable to CVE-2024-11186, the following condition must be met:\u003c/div\u003e\u003cul\u003e\u003cli\u003eA user must be able to authenticate with CloudVision\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-11186, the following condition must be met:\n\n * A user must be able to authenticate with CloudVision"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:47:52.859Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21314-security-advisory-0114"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==\"\u003eCloudVision Users Guide\u003c/a\u003e.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-11186 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e2025.1.0 and later releases in the 2025.1.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.1.3 and later releases in the 2024.1.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see CloudVision Users Guide https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ== .\n\n\u00a0\n\nCVE-2024-11186 has been fixed in the following releases:\n\n * 2025.1.0 and later releases in the 2025.1.x train\n * 2024.3.1 and later releases in the 2024.3.x train\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.1.3 and later releases in the 2024.1.x train"
}
],
"source": {
"advisory": "114",
"defect": [
"BUG 1029707"
],
"discovery": "INTERNAL"
},
"title": "On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-prem",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to append the following to /etc/nginx/conf.d/locations/cvp.https.conf on all CVP nodes:\u003c/p\u003e\u003cpre\u003elocation ^~ /cvpservice/di/ {\n return 404;\n}\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThen restart nginx by running the following command on any node:\u003c/p\u003e\u003cpre\u003enginx-app.sh reload\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to append the following to /etc/nginx/conf.d/locations/cvp.https.conf on all CVP nodes:\n\nlocation ^~ /cvpservice/di/ {\n return 404;\n}\n\n\n\u00a0\n\nThen restart nginx by running the following command on any node:\n\nnginx-app.sh reload"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-11186",
"datePublished": "2025-05-08T18:47:52.859Z",
"dateReserved": "2024-11-13T17:09:34.018Z",
"dateUpdated": "2025-05-08T19:01:23.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0505 (GCVE-0-2025-0505)
Vulnerability from cvelistv5 – Published: 2025-05-08 18:37 – Updated: 2025-05-08 18:56
VLAI?
Summary
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
Severity ?
10 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision Portal |
Affected:
2024.2.0 , ≤ 2024.2.1
(custom)
Affected: 2024.3.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:55:39.942468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:56:19.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision Portal",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "2024.2.1",
"status": "affected",
"version": "2024.2.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2024.3.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eZero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\u003c/p\u003e\u003cp\u003eThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI.\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"\" src=\"https://www.arista.com/assets/images/article/SA115-1.png\"\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Zero Touch Provisioning is enabled by default on CloudVision Portal, as such there are no configuration settings specific to this vulnerability.\n\nThe CloudVision versions listed in the \u201cAffected Software\u201d section above are vulnerable. In order to determine your software version, navigate to the Settings page on the CloudVision UI."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:37:13.981Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster\"\u003eUpgrade | Setup Guide | Arista CloudVision 2024.3 Help Center\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2025-0505 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cul\u003e\u003cul\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster \n\n\u00a0\n\nCVE-2025-0505 has been fixed in the following releases:\n\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.3.1 and later releases in the 2024.3.x train"
}
],
"source": {
"advisory": "115",
"defect": [
"BUG 1046170"
],
"discovery": "INTERNAL"
},
"title": "On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\u003c/p\u003e\u003cpre\u003ecvpi disable ztp\ncvpi stop ztp\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe following command can be used to verify that the component is stopped:\u003c/p\u003e\u003cpre\u003ecvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe component may be enabled after upgrading to one the remediated software versions (See\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1\"\u003e\u0026nbsp;Resolution\u003c/a\u003e) using the following commands:\u003c/p\u003e\u003cpre\u003ecvpi enable ztp\ncvpi start ztp\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment (Note that this will disable the Zero Touch Provisioning feature on CloudVision):\n\ncvpi disable ztp\ncvpi stop ztp\n\n\n\u00a0\n\nThe following command can be used to verify that the component is stopped:\n\ncvpi status ztp\n \nExecuting command. This may take some time...\nCompleted 1/1 discovered actions\nprimary components total:1 running:0 disabled:1\n\n\n\u00a0\n\nThe component may be enabled after upgrading to one the remediated software versions (See \u00a0Resolution https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115#pageLink-1 ) using the following commands:\n\ncvpi enable ztp\ncvpi start ztp"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0505",
"datePublished": "2025-05-08T18:37:13.981Z",
"dateReserved": "2025-01-15T19:34:32.801Z",
"dateUpdated": "2025-05-08T18:56:19.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8100 (GCVE-0-2024-8100)
Vulnerability from cvelistv5 – Published: 2025-05-08 18:31 – Updated: 2025-05-08 18:57
VLAI?
Summary
On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
Severity ?
8.7 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | CloudVision |
Affected:
2024.3.0
(custom)
Affected: 2024.0 , ≤ 2024.2 (custom) Affected: 2023.3.0 , ≤ 2023.3.1 (custom) Affected: 2023.0 , ≤ 2023.2 (custom) Affected: 2022 (custom) Affected: 2021 (custom) Affected: 2020 (custom) Affected: 2019 (custom) Affected: 2018 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:56:57.041097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:57:09.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudVision",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "2024.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2024.2",
"status": "affected",
"version": "2024.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2023.3.1",
"status": "affected",
"version": "2023.3.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "2023.2",
"status": "affected",
"version": "2023.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "2022",
"versionType": "custom"
},
{
"status": "affected",
"version": "2021",
"versionType": "custom"
},
{
"status": "affected",
"version": "2020",
"versionType": "custom"
},
{
"status": "affected",
"version": "2019",
"versionType": "custom"
},
{
"status": "affected",
"version": "2018",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo specific configuration is required to be vulnerable to CVE-2024-8100.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No specific configuration is required to be vulnerable to CVE-2024-8100."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T18:31:39.114Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21316-security-advisory-0116"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/support/software-download\"\u003eCVP Software downloads\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8100 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e2024.1.3 and later releases in the 2024.1.x train\u003c/li\u003e\u003cli\u003e2024.2.2 and later releases in the 2024.2.x train\u003c/li\u003e\u003cli\u003e2024.3.1 and later releases in the 2024.3.x train\u003c/li\u003e\u003cli\u003e2025.1.0 and later releases in the 2025.1.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see CVP Software downloads https://www.arista.com/en/support/software-download \n\n\u00a0\n\nCVE-2024-8100 has been fixed in the following releases:\n\n * 2024.1.3 and later releases in the 2024.1.x train\n * 2024.2.2 and later releases in the 2024.2.x train\n * 2024.3.1 and later releases in the 2024.3.x train\n * 2025.1.0 and later releases in the 2025.1.x train"
}
],
"source": {
"advisory": "116",
"defect": [
"BUG 994965"
],
"discovery": "INTERNAL"
},
"title": "On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eBest practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\u003c/p\u003e\u003cp\u003eSuccessful exploit generally requires one of the following:\u003c/p\u003e\u003col\u003e\u003cli\u003eA rogue or compromised internal user with Device enrollment read/write permissions\u003c/li\u003e\u003c/ol\u003e\u003cdiv\u003eOR,\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003col\u003e\u003cli\u003eA valid device onboarding token that is easily accessible beyond the expected set of trusted users\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Best practice is for generated device onboarding tokens to be valid for a limited time duration, and for the Device Onboarding permission which allows the generation of these tokens to only be granted to trusted users.\n\nSuccessful exploit generally requires one of the following:\n\n * A rogue or compromised internal user with Device enrollment read/write permissions\nOR,\n\n\u00a0\n\n * A valid device onboarding token that is easily accessible beyond the expected set of trusted users\nIf all users with Device Onboarding privileges are trusted, and onboarding tokens are properly secured, then the risk of this issue is limited."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-8100",
"datePublished": "2025-05-08T18:31:39.114Z",
"dateReserved": "2024-08-22T18:18:50.804Z",
"dateUpdated": "2025-05-08T18:57:09.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0936 (GCVE-0-2025-0936)
Vulnerability from cvelistv5 – Published: 2025-05-07 22:52 – Updated: 2025-05-08 13:02
VLAI?
Summary
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).
Severity ?
6.5 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1
(custom)
Affected: 4.32.0 , ≤ 4.32.3M (custom) Affected: 4.31.0 , ≤ 4.31.5M (custom) Affected: 4.30.1F , ≤ 4.30.9M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T13:01:59.603974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T13:02:27.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.9M",
"status": "affected",
"version": "4.30.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with accounting enabled \u003c/li\u003e\u003cli\u003eOpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\u003cbr\u003e\u003cul\u003e\u003cli\u003eservice/9\u003c/li\u003e\u003cli\u003einterceptor/9 \u003c/li\u003e\u003cli\u003etransport_socketcli/9 \u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo see the tracing enabled for OpenConfig, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eservice/9,interceptor/9,transport_socketcli/9\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-0936, one or both of the following conditions must be met:\n\n * OpenConfig must be enabled with a gNOI server with accounting enabled \n * OpenConfig must be enabled with a gNOI server with tracing enabled which includes any of:\n * service/9\n * interceptor/9 \n * transport_socketcli/9 \n\n\n\n\n\nIf OpenConfig is enabled with a gNOI server with accounting enabled, this will be shown in the following CLI output:\n\nswitch(config)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: yes\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled\n\n\n\u00a0\n\nTo see the tracing enabled for OpenConfig, run:\n\nswitch(config)#show running-config section trace | grep OpenConfig\ntrace OpenConfig setting service/9,interceptor/9,transport_socketcli/9\n\n\n\u00a0\n\nNote: gRPC-based streaming via TerminAttr to CloudVision is not affected by this vulnerability."
}
],
"datePublic": "2025-05-06T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc)."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T22:52:25.444Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-0936 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.30.10M and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.31.7M and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.32.5M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.33.2F and later releases\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-0936 has been fixed in the following releases:\n\n * 4.30.10M and later releases in the 4.30.x train\n * 4.31.7M and later releases in the 4.31.x train\n * 4.32.5M and later releases in the 4.32.x train\n * 4.33.2F and later releases"
}
],
"source": {
"defect": [
"BUG 1045796"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are a number of possible workarounds:\u003c/p\u003e\u003ch4\u003eOption 1 - disable accounting/logging for the OpenConfig transport\u003c/h4\u003e\u003cp\u003eFor example to disable accounting for transport named \u201cdefault\u201d:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno accounting requests\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eto disable logging for the OpenConfig agent, run:\u003c/p\u003e\u003cpre\u003eswitch(config)#no trace OpenConfig setting\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003ch4\u003eOption 2 - disable the gNOI File service entirely\u003c/h4\u003e\u003cp\u003eTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\u003c/p\u003e\u003ch4\u003eOption 3 - block the TransferToRemote RPC using gNSI Authz\u003c/h4\u003e\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\u003c/pre\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport\u003c/p\u003e\u003cp\u003eAdding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\u003c/p\u003e\u003cpre\u003eswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "There are a number of possible workarounds:\n\nOption 1 - disable accounting/logging for the OpenConfig transportFor example to disable accounting for transport named \u201cdefault\u201d:\n\nswitch(config)#management api gnmi\nswitch(config-mgmt-api-gnmi)#transport grpc default\nswitch(config-gnmi-transport-default)#no accounting requests\n\n\n\u00a0\n\nto disable logging for the OpenConfig agent, run:\n\nswitch(config)#no trace OpenConfig setting\n\n\n\u00a0\n\nOption 2 - disable the gNOI File service entirelyTo disable the gNOI File service, override the OCGNOIFileToggle, then restart OpenConfig to load the changes\n\nswitch#bash timeout 100 echo \"OCGNOIFileToggle=0\" \u003e\u003e /mnt/flash/toggle_override\nswitch#agent OpenConfig terminate \n\n\n\u00a0\n\nDisabling the gNOI File service will mean that gNOI clients will no longer be able to call any gNOI File RPCs\n\nOption 3 - block the TransferToRemote RPC using gNSI AuthzFor releases with gNSI Authz (EOS 4.31.0F and later releases), the TransferToRemote RPC can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n\n\nWhere [NAME] is the name of the running gNMI transport\n\nAdding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes:\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI TransferToRemote policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-gnoi-transfer-to-remote\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.file.File/TransferToRemote\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nThis will cause attempts to run the TransferToRemote RPC to fail with a \u201cPermissionDenied\u201d error code."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-0936",
"datePublished": "2025-05-07T22:52:25.444Z",
"dateReserved": "2025-01-31T17:18:43.715Z",
"dateUpdated": "2025-05-08T13:02:27.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8000 (GCVE-0-2024-8000)
Vulnerability from cvelistv5 – Published: 2025-03-04 20:20 – Updated: 2025-03-04 20:33
VLAI?
Summary
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.
Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
Severity ?
5.3 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.32.0 , ≤ 4.32.4M
(custom)
Affected: 4.31.0 , ≤ 4.31.5M (custom) Affected: 4.30.0 , ≤ 4.30.8M (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:23.880423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:33:37.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.32.4M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8M",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\u003c/p\u003e\u003col\u003e\u003cli\u003e802.1X must be configured.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eThe customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003c/li\u003e\u003cli\u003eASU must have occurred ( more information about the upgrade process can be found here at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eUpgrades and Downgrades - Arista\u003c/a\u003e\u0026nbsp;). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe below example shows an example of this issue before and after ASU:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\", \u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\u003c/p\u003e\u003cp\u003eWhen ASU is performed:\u003c/p\u003e\u003cpre\u003eswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00-01-02-03-04-05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u003cb\u003e\"nasFilterRules\": [\u003c/b\u003e\n\u003cb\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\u003c/b\u003e\n \u003cb\u003e],\u003c/b\u003e\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\n\u003c/pre\u003e\u003cp\u003eThe above example is after ASU. Note the nasFilterRule is now only one line. \u003c/p\u003e\u003cp\u003eNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-8000, the following three conditions must be met:\n\n * 802.1X must be configured.\u00a0\n\n\n * The customer must have an external AAA server configured which sends a multi-line dynamic ACL.\u00a0\n\n\n * ASU must have occurred ( more information about the upgrade process can be found here at Upgrades and Downgrades - Arista https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \u00a0). The version being upgraded from is an affected software version, and the version being upgraded to is an affected software version as listed above. \nThe below example shows an example of this issue before and after ASU:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\", \n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\n\u00a0\n\nThe above example is before ASU. Note that the \u201cnasFilterRules\u201d has 5 rules in it.\n\nWhen ASU is performed:\n\nswitch#show dot1x hosts mac 0001.0203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00-01-02-03-04-05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\"\n ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\n\nThe above example is after ASU. Note the nasFilterRule is now only one line. \n\nNote: This symptom is not present when a non-ASU upgrade (i.e. standard reboot) takes place."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \u003c/p\u003e\u003cp\u003eNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:20:53.517Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e. \u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eCVE-2024-8000 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.0M and above\u003c/li\u003e\u003cli\u003e4.32.5M and above releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6M and above releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9M and above releases in the 4.30.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades . \n\n\u00a0\n\nCVE-2024-8000 has been fixed in the following releases:\n\n * 4.33.0M and above\n * 4.32.5M and above releases in the 4.32.x train\n * 4.31.6M and above releases in the 4.31.x train\n * 4.30.9M and above releases in the 4.30.x train"
}
],
"source": {
"advisory": "109",
"defect": [
"989881"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to re-authenticate each supplicant. This can be done by running the command \u201c\u003cb\u003edot1x re-authenticate\u003c/b\u003e\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#dot1x re-authenticate\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `\u003cb\u003eshow logging\u003c/b\u003e` to show the supplicant has been successfully authenticated and `\u003cb\u003eshow ip access-lists\u003c/b\u003e` to verify the ACL is installed correctly. \u003c/p\u003e\u003cpre\u003eswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u0026nbsp; \u0026nbsp;20 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 30 permit tcp any any eq 80\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 40 permit tcp any any eq 443\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 50 deny ip host 192.168.1.100\n \n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u0026nbsp; \u0026nbsp; \"supplicantMac\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"identity\": \"user3\",\n\u0026nbsp; \u0026nbsp; \"interface\": \"Ethernet3/47\",\n\u0026nbsp; \u0026nbsp; \"authMethod\": \"EAPOL\",\n\u0026nbsp; \u0026nbsp; \"authStage\": \"SUCCESS\",\n\u0026nbsp; \u0026nbsp; \"fallback\": \"NONE\",\n\u0026nbsp; \u0026nbsp; \"callingStationId\": \"00:01:02:03:04:05\",\n\u0026nbsp; \u0026nbsp; \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u0026nbsp; \u0026nbsp; \"reauthInterval\": 0,\n\u0026nbsp; \u0026nbsp; \"cacheConfTime\": 0,\n\u0026nbsp; \u0026nbsp; \"vlanId\": \"202\",\n\u0026nbsp; \u0026nbsp; \"accountingSessionId\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortal\": \"\",\n\u0026nbsp; \u0026nbsp; \"captivePortalSource\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaWebAuth\": \"\",\n\u0026nbsp; \u0026nbsp; \"supplicantClass\": \"\",\n\u0026nbsp; \u0026nbsp; \"filterId\": \"\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddress\": \"0.0.0.0\",\n\u0026nbsp; \u0026nbsp; \"framedIpAddrSource\": \"sourceNone\",\n\u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\"nasFilterRules\": [\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 80\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \"permit tcp any any eq 443\",\n\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u201cdeny ip host 192.168.1.100\"\n\u0026nbsp; \u0026nbsp; ],\u003c/span\u003e\n\u0026nbsp; \u0026nbsp; \"sessionTimeout\": 0,\n\u0026nbsp; \u0026nbsp; \"terminationAction\": \"\",\n\u0026nbsp; \u0026nbsp; \"tunnelPrivateGroupId\": \"\",\n\u0026nbsp; \u0026nbsp; \"aristaPeriodicIdentity\": \"\",\n\u0026nbsp; \u0026nbsp; \"cachedAuthAtLinkDown\": false,\n\u0026nbsp; \u0026nbsp; \"reauthTimeoutSeen\": false,\n\u0026nbsp; \u0026nbsp; \"sessionCached\": false,\n\u0026nbsp; \u0026nbsp; \"detail_\": true\n}\u003c/pre\u003e\u003cp\u003eIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The workaround is to re-authenticate each supplicant. This can be done by running the command \u201cdot1x re-authenticate\u201d on the interface post ASU. Alternatively, if the reauthentication timer is enabled, the ACL will be correctly reprogrammed once the timer has expired and re-authentication occurs. \n\nswitch(Ethernet 1)#dot1x re-authenticate\n\n\n\u00a0\n\nAlternatively, flapping the interface will trigger reauthentication of the supplicants and correct the ACL which is installed for each mac on that interface.\n\nswitch(Ethernet 1)#shut\nswitch(Ethernet 1)#no shut\n\n\n\u00a0\n\nIn both cases mentioned, we can verify that reauth has been triggered by checking the output of `show logging` to show the supplicant has been successfully authenticated and `show ip access-lists` to verify the ACL is installed correctly. \n\nswitch(Ethernet 1)#show logging\nAug 24 07:12:05 switch Dot1x: DOT1X-6-SUPPLICANT_AUTHENTICATED: Supplicant with identity 00:01:02:03:04:05, MAC 0001.0203.0405 and dynamic VLAN None successfully authenticated on port Ethernet1.\n \nswitch#show ip access-lists\nPhone ACL bypass: disabled\nIP Access List 802.1x-3212953518000 [dynamic]\n\u00a0 \u00a0 \u00a0 \u00a0 10 deny ip 10.1.0.0/16 20.1.0.0/16\n \u00a0 \u00a020 permit ip from 11.0.0.0/8 to 12.0.0.0/8\n\u00a0 \u00a0 \u00a0 \u00a0 30 permit tcp any any eq 80\n\u00a0 \u00a0 \u00a0 \u00a0 40 permit tcp any any eq 443\n\u00a0 \u00a0 \u00a0 \u00a0 50 deny ip host 192.168.1.100\n \n\u00a0 \u00a0 \u00a0 \u00a0 Total rules configured: 5\n \nswitch#show dot1x hosts mac 0001.203.0405 detail | json\n{\n\u00a0 \u00a0 \"supplicantMac\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"identity\": \"user3\",\n\u00a0 \u00a0 \"interface\": \"Ethernet3/47\",\n\u00a0 \u00a0 \"authMethod\": \"EAPOL\",\n\u00a0 \u00a0 \"authStage\": \"SUCCESS\",\n\u00a0 \u00a0 \"fallback\": \"NONE\",\n\u00a0 \u00a0 \"callingStationId\": \"00:01:02:03:04:05\",\n\u00a0 \u00a0 \"reauthBehavior\": \"DO-NOT-RE-AUTH\",\n\u00a0 \u00a0 \"reauthInterval\": 0,\n\u00a0 \u00a0 \"cacheConfTime\": 0,\n\u00a0 \u00a0 \"vlanId\": \"202\",\n\u00a0 \u00a0 \"accountingSessionId\": \"\",\n\u00a0 \u00a0 \"captivePortal\": \"\",\n\u00a0 \u00a0 \"captivePortalSource\": \"\",\n\u00a0 \u00a0 \"aristaWebAuth\": \"\",\n\u00a0 \u00a0 \"supplicantClass\": \"\",\n\u00a0 \u00a0 \"filterId\": \"\",\n\u00a0 \u00a0 \"framedIpAddress\": \"0.0.0.0\",\n\u00a0 \u00a0 \"framedIpAddrSource\": \"sourceNone\",\n\u00a0 \u00a0 \"nasFilterRules\": [\n\u00a0 \u00a0 \u00a0 \u00a0 \"deny in ip from 10.1.0.0/16 to 20.1.0.0/16\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit in ip from 11.0.0.0/8 to 12.0.0.0/8\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 80\",\n\u00a0 \u00a0 \u00a0 \u00a0 \"permit tcp any any eq 443\",\n\u00a0 \u00a0 \u00a0 \u00a0 \u201cdeny ip host 192.168.1.100\"\n\u00a0 \u00a0 ],\n\u00a0 \u00a0 \"sessionTimeout\": 0,\n\u00a0 \u00a0 \"terminationAction\": \"\",\n\u00a0 \u00a0 \"tunnelPrivateGroupId\": \"\",\n\u00a0 \u00a0 \"aristaPeriodicIdentity\": \"\",\n\u00a0 \u00a0 \"cachedAuthAtLinkDown\": false,\n\u00a0 \u00a0 \"reauthTimeoutSeen\": false,\n\u00a0 \u00a0 \"sessionCached\": false,\n\u00a0 \u00a0 \"detail_\": true\n}\n\nIn the above example the supplicant has been re-authenticated and the nasFilterRules shows 5 rules, as before."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-8000",
"datePublished": "2025-03-04T20:20:53.517Z",
"dateReserved": "2024-08-19T23:25:41.372Z",
"dateUpdated": "2025-03-04T20:33:37.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9135 (GCVE-0-2024-9135)
Vulnerability from cvelistv5 – Published: 2025-03-04 20:12 – Updated: 2025-03-04 20:34
VLAI?
Summary
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
Severity ?
5.3 (Medium)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0
Affected: 4.31.0 , ≤ 4.31.5 (custom) Affected: 4.30.0 , ≤ 4.30.8.1 (custom) Affected: 4.29.0 , ≤ 4.29.9.1 (custom) Affected: 4.28.0 Affected: 4.27.0 , ≤ 4.27.1 (custom) |
Credits
Craig Dods from Meta’s Infrastructure Security team.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:33:54.371098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:34:15.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.33.0"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8.1",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9.1",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.28.0"
},
{
"lessThanOrEqual": "4.27.1",
"status": "affected",
"version": "4.27.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2024-9135, the following condition must be met:\u003c/p\u003e\u003cp\u003eBGP Link State must be configured:\u003c/p\u003e\u003cpre\u003eswitch# router bgp 65544\nswitch# \u0026nbsp; address-family link-state\nswitch# \u0026nbsp; \u0026nbsp; \u0026nbsp; neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u0026nbsp; Description \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Neighbor V AS \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; MsgRcvd \u0026nbsp; MsgSent InQ OutQ Up/Down State \u0026nbsp; NlriRcd NlriAcc\n \n\u0026nbsp; brw363 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 192.0.2.9 4 65550 \u0026nbsp; \u0026nbsp; \u0026nbsp; 194222 \u0026nbsp; 125149 \u0026nbsp; 0 \u0026nbsp; 0 01:08:41 Estab \u0026nbsp; 211948 211948\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2024-9135, the following condition must be met:\n\nBGP Link State must be configured:\n\nswitch# router bgp 65544\nswitch# \u00a0 address-family link-state\nswitch# \u00a0 \u00a0 \u00a0 neighbor 192.0.2.9 activate\nswitch#\nswitch#sh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n\u00a0 Description \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Neighbor V AS \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MsgRcvd \u00a0 MsgSent InQ OutQ Up/Down State \u00a0 NlriRcd NlriAcc\n \n\u00a0 brw363 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 192.0.2.9 4 65550 \u00a0 \u00a0 \u00a0 194222 \u00a0 125149 \u00a0 0 \u00a0 0 01:08:41 Estab \u00a0 211948 211948\n\n\n\u00a0\n\nIf BGP Link State is not configured there is no exposure to this issue. No BGP link-state peering is shown under show bgp link-state summary as below:\n\nswitch\u003esh bgp link-state summary\nBGP summary information for VRF default\nRouter identifier 192.0.2.2, local AS number 65540\nNeighbor Status Codes: m - Under maintenance\n Description Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State NlriRcd NlriAcc"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Craig Dods from Meta\u2019s Infrastructure Security team."
}
],
"datePublic": "2025-01-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:02.025Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110"
}
],
"source": {
"advisory": "110",
"defect": [
"1006114"
],
"discovery": "UNKNOWN"
},
"title": "On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\u003c/p\u003e\u003cpre\u003e1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u0026gt; /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u0026gt;\u0026gt; /mnt/flash/toggle_override\u0027\n3. Reload the switch or router\u003c/pre\u003e"
}
],
"value": "The workaround is to disable the Dynamic Path Selection (DPS) service inside BGP LinkState by disabling the feature toggle. Note this should be done on affected non AWE platforms only.\n\n1. Enter \"bash\" shell under EOS prompt\n2. sudo sh -c \u0027echo \"BgpLsConsumerDps=0\" \u003e /mnt/flash/toggle_override; echo \"BgpLsProducerDps=0\" \u003e\u003e /mnt/flash/toggle_override\u0027\n3. Reload the switch or router"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9135",
"datePublished": "2025-03-04T20:12:02.025Z",
"dateReserved": "2024-09-23T23:03:07.318Z",
"dateUpdated": "2025-03-04T20:34:15.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1260 (GCVE-0-2025-1260)
Vulnerability from cvelistv5 – Published: 2025-03-04 19:49 – Updated: 2025-03-04 20:41
VLAI?
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
Severity ?
9.1 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1
(custom)
Affected: 4.32.0 , ≤ 4.32.3 (custom) Affected: 4.31.0 , ≤ 4.31.5 (custom) Affected: 4.30.0 , ≤ 4.30.8 (custom) Affected: 4.29.0 , ≤ 4.29.9 (custom) Affected: 4.28.0 , ≤ 4.28.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:41:36.492094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:41:46.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in unexpected configuration/operations being applied to the switch.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in unexpected configuration/operations being applied to the switch."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:49:00.278Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nFor CVE-2025-1260 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Set RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI SET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-set\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.certificate.CertificateManagement/RevokeCertificates\\\",\\\"/gnoi.os.OS/Activate\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificateAuthorityBundle\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Create\\\",\\\"/gnoi.system.System/Reboot\\\",\\\"/gnsi.certz.v1.Certz/Rotate\\\",\\\"/gnoi.system.System/SwitchControlProcessor\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Delete\\\",\\\"/gnsi.certz.v1.Certz/DeleteProfile\\\",\\\"/gsii.v1.gSII/Modify\\\",\\\"/gnoi.file.File/Put\\\",\\\"/gnoi.system.System/SetPackage\\\",\\\"/gnsi.pathz.v1.Pathz/Rotate\\\",\\\"/gnmi.gNMI/Set\\\",\\\"/gnoi.system.System/CancelReboot\\\",\\\"/gnoi.system.System/KillProcess\\\",\\\"/gnoi.file.File/TransferToRemote\\\",\\\"/gnoi.os.OS/Install\\\",\\\"/gnsi.authz.v1.Authz/Rotate\\\",\\\"/gnoi.factory_reset.FactoryReset/Start\\\",\\\"/gnsi.certz.v1.Certz/AddProfile\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateAccountCredentials\\\",\\\"/gnsi.credentialz.v1.Credentialz/RotateHostParameters\\\",\\\"/gnoi.certificate.CertificateManagement/Rotate\\\",\\\"/gnoi.certificate.CertificateManagement/Install\\\",\\\"/gnoi.certificate.CertificateManagement/LoadCertificate\\\",\\\"/gnoi.certificate.CertificateManagement/GenerateCSR\\\",\\\"/gnoi.file.File/Remove\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11\n\n\n\u00a0\n\nRun the following CLI command can be ran which will disable all gNOI RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI RPCs policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-one-can-use-any-gnoi\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.*\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1260",
"datePublished": "2025-03-04T19:49:00.278Z",
"dateReserved": "2025-02-12T18:10:28.745Z",
"dateUpdated": "2025-03-04T20:41:46.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1259 (GCVE-0-2025-1259)
Vulnerability from cvelistv5 – Published: 2025-03-04 19:44 – Updated: 2025-03-04 20:12
VLAI?
Summary
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0 , ≤ 4.33.1
(custom)
Affected: 4.32.0 , ≤ 4.32.3 (custom) Affected: 4.31.0 , ≤ 4.31.5 (custom) Affected: 4.30.0 , ≤ 4.30.8 (custom) Affected: 4.29.0 , ≤ 4.29.9 (custom) Affected: 4.28.0 , ≤ 4.28.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T20:12:13.556121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T20:12:25.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.1",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.3",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.5",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.8",
"status": "affected",
"version": "4.30.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.9",
"status": "affected",
"version": "4.29.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.12",
"status": "affected",
"version": "4.28.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\u003c/p\u003e\u003cpre\u003eswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eyes\u003c/span\u003e\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\u003c/p\u003e\u003cpre\u003eswitch(config)#show management api gnmi \nEnabled: \u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eno transports enabled\u003c/span\u003e\u003c/pre\u003e"
}
],
"value": "To be vulnerable to CVE-2025-1259 and CVE-2025-1260 the only condition is that OpenConfig must be enabled with a gNOI server.\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\n\n\u00a0\n\nIf OpenConfig is not configured or OpenConfig is configured with no gNOI server, then there is no exposure to this issue and the message will look like.\n\nswitch(config)#show management api gnmi \nEnabled: no transports enabled"
}
],
"datePublic": "2025-02-25T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan result in users retrieving data that should not have been available\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in users retrieving data that should not have been available"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:44:34.221Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2025-1259 is fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.33.2 and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.4 and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.6 and later releases in the 4.31.x train\u003c/li\u003e\u003cli\u003e4.30.9 and later releases in the 4.30.x train\u003c/li\u003e\u003cli\u003e4.29.10 and later releases in the 4.29.x train\u003c/li\u003e\u003cli\u003e4.28.13 and later releases in the 4.28.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-1259 is fixed in the following releases:\n\n * 4.33.2 and later releases in the 4.33.x train\n * 4.32.4 and later releases in the 4.32.x train\n * 4.31.6 and later releases in the 4.31.x train\n * 4.30.9 and later releases in the 4.30.x train\n * 4.29.10 and later releases in the 4.29.x train\n * 4.28.13 and later releases in the 4.28.x train"
}
],
"source": {
"advisory": "SA 111",
"defect": [
"1015822"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\u003c/p\u003e\u003cp\u003eFirst enable gNSI Authz service by adding the following config:\u003c/p\u003e\u003cpre\u003eswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\u003c/p\u003e\u003cp\u003eNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\u003c/p\u003e\u003cp\u003eFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\u003c/p\u003e\u003cpre\u003eswitch#\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003ebash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026amp;\u0026amp; sleep 11\u003c/span\u003e\u0026nbsp;\u003c/pre\u003e"
}
],
"value": "For releases with gNSI Authz (EOS 4.31.0F and later releases), the gNOI RPC\u2019s can be blocked using gNSI Authz.\n\nFirst enable gNSI Authz service by adding the following config:\n\nswitch(config)#management api gnsi\nswitch(config-mgmt-api-gnsi)#service authz\n(config-mgmt-api-gnsi)#transport gnmi [NAME]\n\n\n\u00a0\n\nWhere [NAME] is the name of the running gNMI transport which gNSI will run on. Adding this config will cause the named gNMI transport to reload.\n\nNext update the authz policy to block access to the TransferToRemote RPC. This can be done directly on the system by updating the Authz policy file and waiting at least 10 seconds for OpenConfig to reload the changes. Note this will replace any existing authz policies located at /persist/sys/gnsi/authz/policy.json\n\nFor CVE-2025-1259 the following CLI command (highlighted in yellow following the switch prompt) can be run which will disable all gNOI Get RPC\u2019s.\n\nswitch#bash timeout 100 echo \"{\\\"name\\\":\\\"block gNOI GET RPC\u0027s policy\\\",\\\"allow_rules\\\":[{\\\"name\\\":\\\"allow_all\\\"}],\\\"deny_rules\\\":[{\\\"name\\\":\\\"no-gnoi-get\\\",\\\"request\\\":{\\\"paths\\\":[\\\"/gnoi.packet_link_qualification.LinkQualification/List\\\",\\\"/gnoi.certificate.CertificateManagement/GetCertificates\\\",\\\"/gnoi.os.OS/Verify\\\",\\\"/gnoi.healthz.Healthz/Get\\\",\\\"/gnoi.healthz.Healthz/List\\\",\\\"/gnoi.system.System/RebootStatus\\\",\\\"/gnmi.gNMI/Subscribe\\\",\\\"/gnoi.file.File/Stat\\\",\\\"/gnoi.system.System/Traceroute\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Get\\\",\\\"/gnoi.system.System/Ping\\\",\\\"/gnoi.file.File/Get\\\",\\\"/gnsi.authz.v1.Authz/Probe\\\",\\\"/gnsi.credentialz.v1.Credentialz/GetPublicKeys\\\",\\\"/gnsi.pathz.v1.Pathz/Probe\\\",\\\"/gnoi.healthz.Healthz/Acknowledge\\\",\\\"/gnsi.certz.v1.Certz/CanGenerateCSR\\\",\\\"/gnmi.gNMI/Get\\\",\\\"/gnoi.certificate.CertificateManagement/CanGenerateCSR\\\",\\\"/gnoi.healthz.Healthz/Artifact\\\",\\\"/gnsi.authz.v1.Authz/Get\\\",\\\"/gnoi.system.System/Time\\\",\\\"/gnsi.pathz.v1.Pathz/Get\\\",\\\"/gnoi.packet_link_qualification.LinkQualification/Capabilities\\\",\\\"/gnsi.acctz.v1.AcctzStream/RecordSubscribe\\\",\\\"/gnsi.credentialz.v1.Credentialz/CanGenerateKey\\\",\\\"/gnoi.healthz.Healthz/Check\\\",\\\"/gnsi.certz.v1.Certz/GetProfileList\\\"]}}]}\" | sudo tee /persist/sys/gnsi/authz/policy.json \u0026\u0026 sleep 11"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-1259",
"datePublished": "2025-03-04T19:44:34.221Z",
"dateReserved": "2025-02-12T18:10:26.386Z",
"dateUpdated": "2025-03-04T20:12:25.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9188 (GCVE-0-2024-9188)
Vulnerability from cvelistv5 – Published: 2025-01-10 22:05 – Updated: 2025-01-13 20:07
VLAI?
Summary
Specially constructed queries cause cross platform scripting leaking administrator tokens
Severity ?
8.8 (High)
CWE
- cwe-287
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Credits
Gereon Huppertz
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:07:44.936182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:07:56.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo required configuration.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No required configuration."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gereon Huppertz"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpecially constructed queries cause cross platform scripting leaking administrator tokens\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Specially constructed queries cause cross platform scripting leaking administrator tokens"
}
],
"impacts": [
{
"capecId": "CAPEC-39",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-39 Manipulating Opaque Client-based Data Tokens"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-287",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T22:05:26.349Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14822"
],
"discovery": "EXTERNAL"
},
"title": "Specially constructed queries cause cross platform scripting leaking administrator tokens",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo known mitigation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No known mitigation."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9188",
"datePublished": "2025-01-10T22:05:26.349Z",
"dateReserved": "2024-09-25T20:35:08.729Z",
"dateUpdated": "2025-01-13T20:07:56.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47520 (GCVE-0-2024-47520)
Vulnerability from cvelistv5 – Published: 2025-01-10 22:00 – Updated: 2025-01-13 20:11
VLAI?
Summary
A user with advanced report application access rights can perform actions for which they are not authorized
Severity ?
7.6 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Credits
Mehmet INCE from PRODAFT.com
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47520",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:11:32.475074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:11:36.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Reports application.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe above picture shows the configuration panel for user access. The \u201c\u003ca target=\"_blank\" rel=\"nofollow\"\u003ereportuser@domain.com\u003c/a\u003e\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet INCE from PRODAFT.com"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch4\u003eA user with advanced report application access rights can perform actions for which they are not authorized\u003c/h4\u003e\u003cbr\u003e"
}
],
"value": "A user with advanced report application access rights can perform actions for which they are not authorized"
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T22:00:56.183Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14707"
],
"discovery": "EXTERNAL"
},
"title": "A user with advanced report application access rights can perform actions for which they are not authorized",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor the Reports application, for all Reports Users, disable \u003ci\u003eOnline Access.\u003c/i\u003e\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"\u003e\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo do this:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and go to the Reports application.\u003c/li\u003e\u003cli\u003eFor all users with the Online Access checkbox (red box) enabled, uncheck it.\u003c/li\u003e\u003cli\u003eClick Save.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\n\u00a0\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access checkbox (red box) enabled, uncheck it.\n * Click Save."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-47520",
"datePublished": "2025-01-10T22:00:56.183Z",
"dateReserved": "2024-09-25T20:29:43.984Z",
"dateUpdated": "2025-01-13T20:11:36.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47519 (GCVE-0-2024-47519)
Vulnerability from cvelistv5 – Published: 2025-01-10 21:56 – Updated: 2025-01-13 20:12
VLAI?
Summary
Backup uploads to ETM subject to man-in-the-middle interception
Severity ?
8.3 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Credits
Mehmet INCE from PRODAFT.com
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:11:59.715430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:12:34.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the user interface and navigate to the Apps and Services page.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-8.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003eIf you do not see the Configuration Backup service application, it is not installed and the system is not vulnerable.\u003c/li\u003e\u003cli\u003eClick the Configuration Backup application\u003c/li\u003e\u003cli\u003eIf you see the status that \u003cb\u003eConfiguration Backup is disabled\u003c/b\u003e, the system is not vulnerable.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-9.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003eClick the Cloud tab.\u003c/li\u003e\u003cli\u003eClick Backup Now.\u003c/li\u003e\u003cli\u003eLog into Edge Threat Management.\u003c/li\u003e\u003cli\u003eGo to Appliances and Backups.\u003c/li\u003e\u003cli\u003eVerify that you see a new backup.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-10.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "* As the NGFW administrator, log into the user interface and navigate to the Apps and Services page.\n\n\n * If you do not see the Configuration Backup service application, it is not installed and the system is not vulnerable.\n * Click the Configuration Backup application\n * If you see the status that Configuration Backup is disabled, the system is not vulnerable.\n\n\n * Click the Cloud tab.\n * Click Backup Now.\n * Log into Edge Threat Management.\n * Go to Appliances and Backups.\n * Verify that you see a new backup."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet INCE from PRODAFT.com"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBackup uploads to ETM subject to man-in-the-middle interception\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Backup uploads to ETM subject to man-in-the-middle interception"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-322",
"description": "CWE-322",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:56:54.553Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14708"
],
"discovery": "EXTERNAL"
},
"title": "Backup uploads to ETM subject to man-in-the-middle interception",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable Configuration Backup application.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Disable Configuration Backup application."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-47519",
"datePublished": "2025-01-10T21:56:54.553Z",
"dateReserved": "2024-09-25T20:29:43.984Z",
"dateUpdated": "2025-01-13T20:12:34.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47518 (GCVE-0-2024-47518)
Vulnerability from cvelistv5 – Published: 2025-01-10 21:52 – Updated: 2025-01-13 20:12
VLAI?
Summary
Specially constructed queries targeting ETM could discover active remote access sessions
Severity ?
6.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:12:47.805872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:12:59.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003col\u003e\u003cli\u003eLog into Edge Threat Management (ETM).\u003c/li\u003e\u003cli\u003eGo to Appliances, and click your target NGFW.\u003c/li\u003e\u003cli\u003eOn the NGFW appliance page, click Remote Access.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-6.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003eLeave the connection running.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "* Log into Edge Threat Management (ETM).\n * Go to Appliances, and click your target NGFW.\n * On the NGFW appliance page, click Remote Access.\n\n\n * Leave the connection running."
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSpecially constructed queries targeting ETM could discover active remote access sessions\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Specially constructed queries targeting ETM could discover active remote access sessions"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:52:19.808Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14626"
],
"discovery": "EXTERNAL"
},
"title": "Specially constructed queries targeting ETM could discover active remote access sessions",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAfter you have completed your Remote Access session, close the NGFW window.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "After you have completed your Remote Access session, close the NGFW window."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-47518",
"datePublished": "2025-01-10T21:52:19.808Z",
"dateReserved": "2024-09-25T20:29:43.984Z",
"dateUpdated": "2025-01-13T20:12:59.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47517 (GCVE-0-2024-47517)
Vulnerability from cvelistv5 – Published: 2025-01-10 21:47 – Updated: 2025-01-13 20:13
VLAI?
Summary
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
Severity ?
6.8 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Credits
Mehmet INCE from PRODAFT.com
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:13:17.296191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:13:25.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003col\u003e\u003cli\u003eLog into Edge Threat Management (ETM).\u003c/li\u003e\u003cli\u003eGo to Appliances, and click your target NGFW.\u003c/li\u003e\u003cli\u003eOn the NGFW appliance page, click Remote Access.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-6.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003eWith the NGFW UI in a new tab or window, let the connection expire. \u0026nbsp;\u003c/li\u003e\u003cli\u003eAfter the session has expired, any attempt to perform actions will notify you of the need to enable Remote Access again.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "* Log into Edge Threat Management (ETM).\n * Go to Appliances, and click your target NGFW.\n * On the NGFW appliance page, click Remote Access.\n\n\n * With the NGFW UI in a new tab or window, let the connection expire. \u00a0\n * After the session has expired, any attempt to perform actions will notify you of the need to enable Remote Access again."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet INCE from PRODAFT.com"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExpired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access"
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:47:30.950Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14754"
],
"discovery": "EXTERNAL"
},
"title": "Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAfter you have completed NGFW operations with Remote Access, close the browser window or tab.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "After you have completed NGFW operations with Remote Access, close the browser window or tab."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-47517",
"datePublished": "2025-01-10T21:47:30.950Z",
"dateReserved": "2024-09-25T20:29:43.984Z",
"dateUpdated": "2025-01-13T20:13:25.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9134 (GCVE-0-2024-9134)
Vulnerability from cvelistv5 – Published: 2025-01-10 21:44 – Updated: 2025-01-13 20:14
VLAI?
Summary
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
Severity ?
8.3 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Arista Networks | Arista Edge Threat Management |
Affected:
17.1.0 , ≤ 17.1.1
(custom)
|
Credits
Mehmet INCE from PRODAFT.com
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T20:13:52.238229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T20:14:00.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arista Edge Threat Management",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "17.1.1",
"status": "affected",
"version": "17.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\u003c/p\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eTo access this information:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and navigate to the Reports application.\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-4.png\"\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eThe above picture shows the configuration panel for user access. The \u201c\u003ca target=\"_blank\" rel=\"nofollow\"\u003ereportuser@domain.com\u003c/a\u003e\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\u003c/p\u003e\u003ch4\u003eIndicators of Compromise\u003c/h4\u003e\u003cp\u003eAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u0026nbsp;\u003c/p\u003e\u003cp\u003eFor example, an appropriate process list for running the postgres database will look like:\u003c/p\u003e\u003cpre\u003e# ps -u postgres -f\nUID \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; PID \u0026nbsp; PPID C STIME TTY \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; TIME CMD\npostgres 94057 \u0026nbsp; \u0026nbsp; 1 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? \u0026nbsp; \u0026nbsp; \u0026nbsp; 00:00:00 postgres: 13/main: logical replication launcher\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eAdditional processes run by the postgres user indicating a potential compromise may look like:\u003c/p\u003e\u003cpre\u003epostgres 100172 100171 0 Feb06 pts/2 \u0026nbsp; 00:00:00 bash\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "If the NGFW has one or more Report application Report Users with Online Access enabled they are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Reports application.\n\n\nThe above picture shows the configuration panel for user access. The \u201creportuser@domain.com\u201d user has \u201cOnline Access\u201d checked, which is required in order to be vulnerable.\n\nIndicators of CompromiseAny compromise will reveal itself via the postgres user running a non-standard postgres process. \u00a0\n\nFor example, an appropriate process list for running the postgres database will look like:\n\n# ps -u postgres -f\nUID \u00a0 \u00a0 \u00a0 \u00a0 PID \u00a0 PPID C STIME TTY \u00a0 \u00a0 \u00a0 \u00a0 TIME CMD\npostgres 94057 \u00a0 \u00a0 1 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 /usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf\npostgres 94063 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:02 postgres: 13/main: checkpointer\npostgres 94064 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: background writer\npostgres 94065 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:12 postgres: 13/main: walwriter\npostgres 94066 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: autovacuum launcher\npostgres 94067 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:01 postgres: 13/main: stats collector\npostgres 94068 94057 0 Feb06 ? \u00a0 \u00a0 \u00a0 00:00:00 postgres: 13/main: logical replication launcher\n\n\n\u00a0\n\nAdditional processes run by the postgres user indicating a potential compromise may look like:\n\npostgres 100172 100171 0 Feb06 pts/2 \u00a0 00:00:00 bash"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet INCE from PRODAFT.com"
}
],
"datePublic": "2024-10-29T20:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMultiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T21:44:17.415Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\u003c/div\u003e\u003cul\u003e\u003cli\u003e17.2 Upgrade\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution for all issues documented above is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.2 Upgrade"
}
],
"source": {
"advisory": "105",
"defect": [
"NGFW-14721"
],
"discovery": "EXTERNAL"
},
"title": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFor the Reports application, for all Reports Users, disable \u003ci\u003eOnline Access.\u003c/i\u003e\u003c/p\u003e\u003cp\u003e\u003cimg alt=\"Security Advisory 105\" src=\"https://www.arista.com/assets/images/article/SA105-5.png\"\u003e\u003c/p\u003e\u003cdiv\u003eTo do this:\u003c/div\u003e\u003col\u003e\u003cli\u003eAs the NGFW administrator, log into the UI and go to the Reports application.\u003c/li\u003e\u003cli\u003eFor all users with the \u003ci\u003eOnline Access\u003c/i\u003e\u0026nbsp;checkbox (red box) enabled, uncheck it.\u003c/li\u003e\u003cli\u003eClick Save.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "For the Reports application, for all Reports Users, disable Online Access.\n\n\n\nTo do this:\n\n * As the NGFW administrator, log into the UI and go to the Reports application.\n * For all users with the Online Access\u00a0checkbox (red box) enabled, uncheck it.\n * Click Save."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2024-9134",
"datePublished": "2025-01-10T21:44:17.415Z",
"dateReserved": "2024-09-23T22:01:04.566Z",
"dateUpdated": "2025-01-13T20:14:00.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}