6.9
CVE-2024-27891
- EPSS 0.28%
- Veröffentlicht 04.06.2026 22:08:42
- Zuletzt bearbeitet 05.06.2026 15:02:34
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArista Networks
≫
Produkt
EOS
Default Statusunaffected
Version <=
4.32.0.1F
Version
4.32.0
Status
affected
Version <=
4.31.2F
Version
4.31.0
Status
affected
Version <=
4.30.6M
Version
4.30.0
Status
affected
Version <=
4.29.7M
Version
4.29.0
Status
affected
Version <=
4.28.10.1M
Version
4.28.0
Status
affected
Version
4.27.2F
Version <
4.28.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.197 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@arista.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@arista.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://www.arista.com/en/support/advisories-notices/security-advisory/19908-security-advisory-0102