PatchSiren cyber security CVE debrief
CVE-2024-6858 Arista Networks CVE debrief
CVE-2024-6858 is a MEDIUM severity vulnerability in Arista's EOS when in 802.1X mode. The vulnerability allows multi-auth unauthenticated hosts to access a switch port if an EAPOL-capable device exists in the fallback VLAN. The CVSS score for this vulnerability is 6.5.
- Vendor: Arista Networks
- Product: EOS
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-05
Who should care
Administrators and users of Arista EOS devices, particularly those using 802.1X mode, should be aware of this vulnerability and take necessary precautions.
Technical summary
In Arista's EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if an EAPOL-capable device exists in the fallback VLAN.
Defensive priority
MEDIUM
Recommended defensive actions
- Review and update Arista EOS configurations to ensure proper 802.1X mode settings.
- Implement additional security measures to restrict access to switch ports.
- Monitor for and apply patches or updates provided by Arista.
Evidence notes
The vendor for this CVE is likely Arista, based on the provided evidence and reference links.
Official resources
- CVE-2024-6858 CVE record (CVE.org)
- CVE-2024-6858 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2024-6858 was published on 2026-06-04 and modified on 2026-06-05.