CVE-2023-24510 – On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
https://notcve.org/view.php?id=CVE-2023-24510
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. • https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-24509 – On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ...
https://notcve.org/view.php?id=CVE-2023-24509
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability. • https://www.arista.com/en/support/advisories-notices/security-advisory/16985-security-advisory-0082 • CWE-269: Improper Privilege Management •
CVE-2021-28510 – For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
https://notcve.org/view.php?id=CVE-2021-28510
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. • https://www.arista.com/en/support/advisories-notices/security-advisory/15439-security-advisory-0076 • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2021-28511 – This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ...
https://notcve.org/view.php?id=CVE-2021-28511
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en Arista EOS para omitir las ACL de seguridad. • https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078 • CWE-284: Improper Access Control •
CVE-2021-28509 – TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP
https://notcve.org/view.php?id=CVE-2021-28509
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en los protocolos de transporte TerminAttr y OpenConfig del agente de telemetría de transmisión de estados de Arista EOS. El impacto de esta vulnerabilidad es que, en determinadas condiciones, TerminAttr podría filtrar datos confidenciales MACsec en texto sin cifrar en CVP a otros usuarios autorizados, lo que podría causar que el tráfico MACsec sea descifrado o modificado por otros usuarios autorizados en el dispositivo • https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077 • CWE-255: Credentials Management Errors CWE-319: Cleartext Transmission of Sensitive Information •