PatchSiren cyber security CVE debrief
CVE-2024-27891 Arista Networks CVE debrief
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
- Vendor
- Arista Networks
- Product
- EOS
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Arista EOS with MACsec and egress ACLs configured on the same interfaces should review and apply patches as necessary.
Technical summary
The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and apply patches as necessary.
- Refer to the Arista security advisory for more information: [ref-4](https://www.arista.com/en/support/advisories-notices/security-advisory/19908-security-advisory-0102).
Evidence notes
The vendor is identified as Arista based on evidence from the source item.
Official resources
-
CVE-2024-27891 CVE record
CVE.org
-
CVE-2024-27891 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2024-27891 was published on 2026-06-04T23:16:47.777Z and modified on 2026-06-05T15:02:34.977Z.