Arista EOS — Vulnerabilities & Security Advisories 7

All 7 CVE vulnerabilities found in Arista EOS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Arista Networks

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-24510 | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | CWE-755 | 7.5 | High | 2023-06-05 |
| CVE-2023-24509 | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... | CWE-269 | 9.3 | Critical | 2023-04-13 |
| CVE-2021-28509 | TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP | CWE-255 | 6.1 | Medium | 2022-05-26 |
| CVE-2021-28508 | TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP | CWE-255 | 6.8 | Medium | 2022-05-26 |
| CVE-2021-28503 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | CWE-305 | 7.4 | High | 2022-02-04 |
| CVE-2021-28500 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | CWE-285 | 9.1 | Critical | 2022-01-14 |
| CVE-2021-28496 | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. | CWE-311 | 5.7 | Medium | 2021-10-21 |
