PatchSiren cyber security CVE debrief
CVE-2024-27890 Arista Networks CVE debrief
CVE-2024-27890 is a HIGH-severity vulnerability affecting Arista EOS with OpenConfig configured. A gNMI Set request can be run when it should have been rejected, resulting in unexpected configuration being applied to the switch. The CVSS score for this vulnerability is 7.2.
- Vendor: Arista Networks
- Product: EOS
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-05
Who should care
Users of Arista EOS with OpenConfig configured should be aware of this vulnerability and take the necessary actions to mitigate it.
Technical summary
A gNMI Set request can be run when it should have been rejected, resulting in unexpected configuration being applied to the switch.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or mitigations as recommended by the vendor.
- Review and update configurations to prevent exploitation.
Evidence notes
Vendor: Arista (from reference_domain_candidate)
Official resources
- CVE-2024-27890 CVE record (CVE.org)
- CVE-2024-27890 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2024-27890 was published on 2026-06-04 and modified on 2026-06-05.