CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-9135 – On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
https://notcve.org/view.php?id=CVE-2024-9135
04 Mar 2025 — On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. • https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-1260 – On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.
https://notcve.org/view.php?id=CVE-2025-1260
04 Mar 2025 — On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch. On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch. • https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111 • CWE-284: Improper Access Control •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-1259 – On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.
https://notcve.org/view.php?id=CVE-2025-1259
04 Mar 2025 — On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available • https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9188 – Specially constructed queries cause cross platform scripting leaking administrator tokens
https://notcve.org/view.php?id=CVE-2024-9188
10 Jan 2025 — Specially constructed queries cause cross platform scripting leaking administrator tokens • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47520 – A user with advanced report application access rights can perform actions for which they are not authorized
https://notcve.org/view.php?id=CVE-2024-47520
10 Jan 2025 — A user with advanced report application access rights can perform actions for which they are not authorized • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47519 – Backup uploads to ETM subject to man-in-the-middle interception
https://notcve.org/view.php?id=CVE-2024-47519
10 Jan 2025 — Backup uploads to ETM subject to man-in-the-middle interception • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-322: Key Exchange without Entity Authentication •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47518 – Specially constructed queries targeting ETM could discover active remote access sessions
https://notcve.org/view.php?id=CVE-2024-47518
10 Jan 2025 — Specially constructed queries targeting ETM could discover active remote access sessions • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47517 – Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
https://notcve.org/view.php?id=CVE-2024-47517
10 Jan 2025 — Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9134 – Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.
https://notcve.org/view.php?id=CVE-2024-9134
10 Jan 2025 — Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9133 – A user with administrator privileges is able to retrieve authentication tokens
https://notcve.org/view.php?id=CVE-2024-9133
10 Jan 2025 — A user with administrator privileges is able to retrieve authentication tokens • https://www.arista.com/en/support/advisories-notices/security-advisory/20454-security-advisory-0105 • CWE-287: Improper Authentication •