Vulnerabilities for EOS (...) - CXSECURITY.COM

Vulnerabilities for 'EOS'

2022-02-04

CVE-2021-28503

CWE-287

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.

2022-01-14

CVE-2021-28500

CWE-863

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API�??s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

2021-10-21

CVE-2021-28496

CWE-311

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train

2020-10-26

CVE-2020-15897

NVD-CWE-noinfo

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

2019-08-15

CVE-2018-14008

CWE-287

Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.

2015-11-19

CVE-2015-8236

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

>>> Vendor: Arista 7 Products

EOS

Dcs-7050t eos software

Dcs-7050q eos software

Dcs-7050s eos software

Cloudvision portal

Cloudvision exchange

Copyright 2024, cxsecurity.com