9.6

CVE-2024-27890

On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArista Networks
Produkt EOS
Default Statusunaffected
Version <= 4.29.7M
Version 4.29.0
Status affected
Version <= 4.28.10M
Version 4.28.0
Status affected
Version <= 4.27.8M
Version 4.27.0
Status affected
Version <= 4.26.9M
Version 4.26.0
Status affected
Version <= 4.25.10M
Version 4.25.0
Status affected
Version <= 4.24.11M
Version 4.24.0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.43% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@arista.com 7.2 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
psirt@arista.com 9.6 3.1 5.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099