6.5
CVE-2024-6858
- EPSS 0.14%
- Veröffentlicht 04.06.2026 21:51:08
- Zuletzt bearbeitet 05.06.2026 21:16:27
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArista Networks
≫
Produkt
EOS
Default Statusunaffected
Version <=
4.31.1F
Version
4.31.0
Status
affected
Version <=
4.30.5M
Version
4.30.0
Status
affected
Version <=
4.29.7M
Version
4.29.0
Status
affected
Version <=
4.28.10.1M
Version
4.28.10
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
https://www.arista.com/en/support/advisories-notices/security-advisory/19917-security-advisory-0103