CVE-2024-9448— Arista EOS 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-9448の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropp
ソース: NVD (National Vulnerability Database)
脆弱性説明
On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
CWE-1284
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Arista EOS 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Arista EOS是美国Arista公司的一个完全可编程的、高度模块化的、基于Linux的网络操作系统。 Arista EOS存在安全漏洞,该漏洞源于未标记的数据包不会命中预期的流量策略规则,可能导致数据包被发送到意外目的地。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Arista Networks | EOS | 4.33.0 ~ 4.33.0F | - |
II. CVE-2024-9448の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-9448のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Arista Networks · 2025-05-08 · 5 CVEs total
| CVE-2025-0505 | 10.0 CRITICAL | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Pro |
| CVE-2024-11186 | 10.0 CRITICAL | On affected versions of the CloudVision Portal, improper access controls could enable a ma |
| CVE-2024-12378 | 9.1 CRITICAL | On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunn |
| CVE-2024-8100 | 8.7 HIGH | On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device |
IV. 関連脆弱性
同じ製品: EOS
- CVE-2025-7048
On affected platforms running Arista EOS with MACsec configu - CVE-2025-8872
A specially crafted packet can cause the OSFPv3 process to h - CVE-2025-8870
On affected platforms running Arista EOS, certain serial con - CVE-2025-6188
On affected platforms running Arista EOS, maliciously formed - CVE-2025-3456
On affected platforms running Arista EOS, the global common
同じベンダー: Arista Networks
- CVE-2025-7048
On affected platforms running Arista EOS with MACsec configu - CVE-2025-8872
A specially crafted packet can cause the OSFPv3 process to h - CVE-2025-8870
On affected platforms running Arista EOS, certain serial con - CVE-2025-54549
Cryptographic validation of upgrade images could be circumve - CVE-2025-54548
On affected platforms, restricted users could view sensitive
同じ弱点: CWE-1284
- CVE-2026-25863
Conditional Fields for Contact Form 7 < 2.7.3 DoS via Uncont - CVE-2025-14688
IBM® Db2® is vulnerable to a denial of service when fetching - CVE-2026-6915
Flaw in the updateUser Command May Allow Unauthorized Config - CVE-2026-1352
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 whe - CVE-2026-6839
ONE 安全漏洞
V. CVE-2024-9448へのコメント
まだコメントはありません