9.6
CVE-2024-27892
- EPSS 0.3%
- Veröffentlicht 04.06.2026 22:33:15
- Zuletzt bearbeitet 05.06.2026 15:02:34
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArista Networks
≫
Produkt
EOS
Default Statusunaffected
Version <=
4.31.2F
Version
4.31.0
Status
affected
Version <=
4.30.5M
Version
4.30.0
Status
affected
Version <=
4.29.7M
Version
4.29.0
Status
affected
Version <=
4.28.10M
Version
4.28.0
Status
affected
Version <=
4.27.8M
Version
4.27.0
Status
affected
Version <=
4.26.9M
Version
4.26.0
Status
affected
Version <=
4.25.10M
Version
4.25.0
Status
affected
Version <=
4.24.11M
Version
4.24.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.216 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@arista.com | 7.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@arista.com | 9.6 | 3.1 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099