CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9132 – The administrator is able to configure an insecure captive portal script
https://notcve.org/view.php?id=CVE-2024-9132
10 Jan 2025 — The administrator is able to configure an insecure captive portal script • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9131 – A user with administrator privileges can perform command injection
https://notcve.org/view.php?id=CVE-2024-9131
10 Jan 2025 — A user with administrator privileges can perform command injection • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7142 – On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
https://notcve.org/view.php?id=CVE-2024-7142
10 Jan 2025 — On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them • https://www.arista.com/en/support/advisories-notices/security-advisory/20405-security-advisory-0104 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6068 – On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some
https://notcve.org/view.php?id=CVE-2023-6068
04 Mar 2024 — On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some En las plataformas FPGA de la serie 7130 afectadas que ejecutan MOS y versiones recientes de FPGA MultiAccess, la aplicación de ACL puede provocar un funcionamiento incorrecto de la ACL configurada para un puerto, lo que da como resultado que se permitan ... • https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091 • CWE-283: Unverified Ownership •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27889 – Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW).
https://notcve.org/view.php?id=CVE-2024-27889
04 Mar 2024 — Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. Existen múltiples vulnerabilidades de inyección SQL en la aplicación de informes de Arista Edge Threat Management - Arista NG Firewall (NGFW). Un usuario con derechos avanzados de acceso a la ... • https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •