| CVE-2024-8100 | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. | Arista Networks | CloudVision | High | 8.7 | 2025-05-08 18:31:39 | Deep Dive |
| CVE-2025-0936 | On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly | Arista Networks | EOS | Medium | 6.5 | 2025-05-07 22:52:25 | Deep Dive |
| CVE-2025-2767 | Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability | Arista | NG Firewall | High | - | 2025-04-23 16:51:13 | Deep Dive |
| CVE-2024-8000 | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restar | Arista Networks | EOS | Medium | 5.3 | 2025-03-04 20:20:54 | Deep Dive |
| CVE-2024-9135 | On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping. | Arista Networks | EOS | Medium | 5.3 | 2025-03-04 20:12:02 | Deep Dive |
| CVE-2025-1260 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. | Arista Networks | EOS | Critical | 9.1 | 2025-03-04 19:49:00 | Deep Dive |
| CVE-2025-1259 | On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. | Arista Networks | EOS | High | 7.7 | 2025-03-04 19:44:34 | Deep Dive |
| CVE-2024-9188 | Specially constructed queries cause cross platform scripting leaking administrator tokens | Arista Networks | Arista Edge Threat Management | High | 8.8 | 2025-01-10 22:05:26 | Deep Dive |
| CVE-2024-47520 | A user with advanced report application access rights can perform actions for which they are not authorized | Arista Networks | Arista Edge Threat Management | High | 7.6 | 2025-01-10 22:00:56 | Deep Dive |
| CVE-2024-47519 | Backup uploads to ETM subject to man-in-the-middle interception | Arista Networks | Arista Edge Threat Management | High | 8.3 | 2025-01-10 21:56:55 | Deep Dive |
| CVE-2024-47518 | Specially constructed queries targeting ETM could discover active remote access sessions | Arista Networks | Arista Edge Threat Management | Medium | 6.4 | 2025-01-10 21:52:20 | Deep Dive |
| CVE-2024-47517 | Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access | Arista Networks | Arista Edge Threat Management | Medium | 6.8 | 2025-01-10 21:47:31 | Deep Dive |
| CVE-2024-9134 | Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | Arista Networks | Arista Edge Threat Management | High | 8.3 | 2025-01-10 21:44:17 | Deep Dive |
| CVE-2024-9133 | A user with administrator privileges is able to retrieve authentication tokens | Arista Networks | Arista Edge Threat Management | Medium | 6.6 | 2025-01-10 21:40:25 | Deep Dive |
| CVE-2024-9132 | The administrator is able to configure an insecure captive portal script | Arista Networks | Arista Edge Threat Management | High | 8.1 | 2025-01-10 21:35:14 | Deep Dive |
| CVE-2024-9131 | A user with administrator privileges can perform command injection | Arista Networks | Arista Edge Threat Management | High | 7.2 | 2025-01-10 21:28:47 | Deep Dive |
| CVE-2024-7142 | On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | Arista Networks | CloudVision Appliance | Medium | 4.6 | 2025-01-10 21:18:28 | Deep Dive |
| CVE-2024-5872 | On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. | Arista Networks | EOS | Medium | 6.5 | 2025-01-10 20:25:54 | Deep Dive |
| CVE-2024-7095 | On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being term | Arista Networks | EOS | Medium | 4.3 | 2025-01-10 20:19:10 | Deep Dive |
| CVE-2024-6437 | On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options ma | Arista Networks | EOS-Policy Based Routing (PBR) | Medium | 5.8 | 2025-01-10 20:06:36 | Deep Dive |