23 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0

On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. • https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 1

For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. • https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076 • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 1

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en Arista EOS para omitir las ACL de seguridad. • https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Se ha detectado que EOS versión v2.1.0, contenía un desbordamiento del búfer de la pila por medio de la función txn_test_gen_plugin • https://github.com/EOSIO/eos/issues/10820 • CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. Se ha detectado recientemente un problema en Arista EOS donde el uso incorrecto de las API AAA de EOS por parte de los agentes OpenConfig y TerminAttr podría resultar en un acceso no restringido al dispositivo para usuarios locales con una configuración sin contraseña • https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 • CWE-285: Improper Authorization •