Arista Security Advisories
Security Advisory 0086
Date: April 25, 2023
Revision | Date | Changes
1.0 | April 25, 2023 | Initial release
The CVE-ID tracking this issue: CVE-2023-24512
CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Common Weakness Enumeration: CWE-284 Improper Access Control
This vulnerability is being tracked by BUG751697
Description
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to upda ...
Security Advisory 0085
Date: April 11, 2023
Revision | Date | Changes
1.0 | April 11, 2023 | Initial release
This advisory consists of two CVEs which affect the Arista CloudEOS product.
CVE-ID: CVE-2023-24545
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Common Weakness Enumeration: CWE-400 Uncontrolled Resource Consumption
This vulnerability is being tracked by BUG 743423
CVE-ID: CVE-2023-24513
CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Com ...
Security Advisory 0084
Date: April 11, 2023
Revision | Date | Changes
1.0 | April 11, 2023 | Initial release
The CVE-ID tracking this issue: CVE-2023-24511
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Common Weakness Enumeration: CWE-401 Missing Release of Memory after Effective Lifetime
This vulnerability is being tracked by BUG 751040
Description
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the ...
Security Advisory 0083
Date: March 7, 2023
Revision | Date | Changes
1.0 | March 7, 2023 | Initial release
The CVE-ID tracking this issue: CVE-2023-24546
CVSSv3.1 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L)
Note: This issue has been filed on MITRE as having a CVSS score of 10.0. Depending on the release and configuration there is some variance on the Base Score. The range of possible CVSS scores and mapping to the releases is detailed in the “Required Configurati ...
Security Advisory 0082
Date: February 14, 2023
Revision | Date | Changes
1.0 | February 14, 2023 | Initial release
The CVE-ID tracking this issue: CVE-2023-24509
CVSSv3.1 Base Score: 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Common Weakness Enumeration: CWE-269 Improper Privilege Management
This vulnerability is being tracked by BUG 723401
Description
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol ena ...
End of Sale / End of Life for Arista DMF Appliances: DCA-DM-SA, DCA-DM-SBL and DCA-DM-CB
Date: February 10th, 2023
Description:
Arista Networks announces the end-of-sale/end-of-life for DMF (DANZ Monitoring Fabric) appliances whose product part numbers are listed below in Table 1. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) till their respective End-of-Life dates as listed in Table 2, the End-of-Life Milestones ...