Arista

By the Year

In 2026 there have been 1 vulnerability in Arista with an average score of 4.3 out of ten. Last year, in 2025 Arista had 12 security vulnerabilities published. Right now, Arista is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 3.75

Recent Arista Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-7048	Jan 06, 2026	Arista EOS MACsec Crash via Crafted Packet (4.34.3.1M) On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.	Eos
CVE-2025-8872	Dec 16, 2025	Arista EOS OSPFv3 CPU Exhaustion via Crafted Packet On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.	Eos
CVE-2025-2796	May 27, 2025	Arista EOS IPsec Anti-Replay Duplicate Packet Forgery Vulnerability On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be forwarded due to this vulnerability. Note: this issue does not affect VXLANSec or MACSec encryption functionality.	Eos
CVE-2024-9448	May 08, 2025	Arista EOS Traffic Policy Skip Untagged Packets – Improper Drop On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.	Eos
CVE-2024-12378	May 08, 2025	Arista EOS Tunnelsec Agent Restart Exposes Packets in Clear over Secure VxLAN On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.	Eos
CVE-2024-11186	May 08, 2025	Arista CV Portal Improper Access Control: Auth Escalation On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.	Cloudvision Portal
CVE-2025-0936	May 07, 2025	Arista EOS gNOI RPC Exposes Remote Credentials via Logging On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).	Eos
CVE-2025-2767	Apr 23, 2025	Arista NG Firewall XSS RCE via User-Agent Header Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.	Ng Firewall
CVE-2025-1259	Mar 04, 2025	Arista EOS gNOI Request Bypass via OpenConfig On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available	Eos
CVE-2025-1260	Mar 04, 2025	Arista EOS gNOI bypass allows unauthorized config changes On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.	Eos
CVE-2024-5872	Jan 10, 2025	Arista EOS VLAN Tag Misprocessing Causing Control Plane Instability On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.	Eos
CVE-2024-7095	Jan 10, 2025	Arista EOS SNMP snmpd Mem Leak by Crafted Packet On affected platforms running Arista EOS with SNMP configured, if snmp-server transmit max-size is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.	Eos
CVE-2024-6437	Jan 10, 2025	Arista EOS PBR/BGP Flowspec IP Options Bypass On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination.	Eos
CVE-2024-12831	Dec 20, 2024	Arista NG Firewall uvm_login Module Incorrect Authorization Privilege Escalation Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324.	Ng Firewall
CVE-2024-12830	Dec 20, 2024	Arista NG Firewall custom_handler Directory Traversal RCE Vulnerability Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019.	Ng Firewall
CVE-2024-12829	Dec 20, 2024	Arista NG Firewall ExecManagerImpl Command Injection RCE Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015.	Ng Firewall
CVE-2024-12832	Dec 20, 2024	Arista NG Firewall SQL Injection Vulnerability in ReportEntry Class Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325.	Ng Firewall
CVE-2023-24546	Jun 13, 2023	Arista CloudVision Portal: Improper Access Control on Device Connection On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service.	Cloudvision Portal
CVE-2023-24510	Jun 05, 2023	Arista EOS DHCP Relay Agent Crash via Malformed DHCP Packet On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.	Eos
CVE-2023-24512	Apr 25, 2023	Arista EOS gNMI Streaming Agent Allows Arbitrary Config Change On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision	Veos Lab Cloudeos Ceos Lab And others...
CVE-2023-24509	Apr 13, 2023	Privilege Escalation in Arista EOS Standby Supervisor via RPR/SSO On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.	Eos
CVE-2021-28510	Jan 26, 2023	Arista EOS PTP Agent Crash DoS from Malformed PTP TLV For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.	Eos
CVE-2022-29071	Aug 05, 2022	Arista CVP Password Leak in Audit&System Logs This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.	Cloudvision Portal
CVE-2021-28503	Feb 04, 2022	The impact of this vulnerability is The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.	Eos
CVE-2021-28500	Jan 14, 2022	An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.	Eos
CVE-2021-28501	Jan 14, 2022	An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.	Terminattr
CVE-2021-28506	Jan 14, 2022	An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.	Eos
CVE-2021-28507	Jan 14, 2022	An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.	Eos
CVE-2021-28496	Oct 21, 2021	On systems running Arista EOS and CloudEOS with the affected release version On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train	Eos
CVE-2020-25686	Jan 20, 2021	A flaw was found in dnsmasq before version 2.83 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.	Eos
CVE-2020-25684	Jan 20, 2021	A flaw was found in dnsmasq before version 2.83 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.	Eos
CVE-2020-25685	Jan 20, 2021	A flaw was found in dnsmasq before version 2.83 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.	Eos
CVE-2020-15897	Oct 26, 2020	Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.	Eos
CVE-2020-13100	Oct 26, 2020	Aristas CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F Aristas CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.	Cloudvision Exchange
CVE-2020-17355	Oct 21, 2020	Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.	Eos
CVE-2020-24333	Sep 22, 2020	A vulnerability in Aristas CloudVision Portal (CVP) prior to 2020.2 A vulnerability in Aristas CloudVision Portal (CVP) prior to 2020.2 allows users with read-only or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.	Cloudvision Portal
CVE-2020-13881	Jun 06, 2020	In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.	Cloudvision Portal
CVE-2019-18948	Apr 16, 2020	An issue was found in Arista EOS An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Aristas EOS VxLAN code, which can allow attackers to crash the VxlanSwFwd agent. This affects EOS 4.21.8M and below releases in the 4.21.x train, 4.22.3M and below releases in the 4.22.x train, 4.23.1F and below releases in the 4.23.x train, and all releases in 4.15, 4.16, 4.17, 4.18, 4.19, 4.20 code train.	Eos
CVE-2020-10188	Mar 06, 2020	utility.c in telnetd in netkit telnet through 0.17 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.	Eos
CVE-2015-6815	Jan 31, 2020	The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.	Eos
CVE-2015-5239	Jan 23, 2020	Integer overflow in the VNC display driver in QEMU before 2.1.0 Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.	Eos
CVE-2015-5745	Jan 23, 2020	Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.	Eos
CVE-2015-5278	Jan 23, 2020	The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.	Eos
CVE-2019-18181	Dec 19, 2019	In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI.	Cloudvision Portal
CVE-2019-18615	Dec 19, 2019	In CloudVision Portal (CVP) for all releases in the 2018.2 Train In CloudVision Portal (CVP) for all releases in the 2018.2 Train, under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. This only affects CVP environments where: 1. Devices have enable mode passwords which are different from the user's login password, OR 2. There are configlet builders that use the Device class and specify username and password explicitly Application logs are not accessible or visible from the CVP GUI. Application logs can only be read by authorized users with privileged access to the VM hosting the CVP application.	Cloudvision Portal
CVE-2019-17596	Oct 24, 2019	Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.	Cloudvision Portal Terminattr Eos And others...
CVE-2018-12357	Aug 15, 2019	Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.	Cloudvision Portal
CVE-2018-14008	Aug 15, 2019	Arista EOS through 4.21.0F Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled.	Eos
CVE-2018-5254	Apr 12, 2018	Arista EOS before 4.20.2F Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.	Eos
CVE-2018-5255	Mar 05, 2018	The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20.2F allows remote attackers to cause a denial of service (agent restart) via crafted UDP packets.	Eos