CVE-2025-8873 is a HIGH-severity vulnerability in Arista EOS with IPsec configured. A specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition and attempt to reset the IPsec processing pipeline. After the reset, traffic processing may not resume. There is no impact to non-IPsec traffic or to IPsec traffic not originating or termina [truncated]
CVE-2024-27892 is a HIGH-severity vulnerability affecting Arista EOS with OpenConfig configured. A gNMI Set request can be run when it should have been rejected, resulting in unexpected configuration being applied to the switch. The CVSS score for this vulnerability is 7.2.
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to be incorrectly allowed or denied.
CVE-2024-27890 is a HIGH-severity vulnerability affecting Arista EOS with OpenConfig configured. A gNMI Set request can be run when it should have been rejected, resulting in unexpected configuration being applied to the switch. The CVSS score for this vulnerability is 7.2.
CVE-2023-5502 is a HIGH-severity vulnerability in Arista EOS with 802.1X authentication configured on access/trunk ports and routing enabled on the access VLAN. A malicious supplicant may bypass 802.1X authentication requirements. The vulnerability has a CVSS score of 8.2.
CVE-2024-6858 is a MEDIUM-severity vulnerability in Arista EOS when in 802.1X mode. The vulnerability allows multi-auth unauthenticated hosts to access a switch port if an EAPOL-capable device exists in the fallback VLAN. The CVSS score for this vulnerability is 6.5.