Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Arista Networks — Vulnerabilities & Security Advisories 64

Browse all 64 CVE security advisories affecting Arista Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Arista Networks specializes in high-performance data center switching and cloud networking solutions, primarily serving enterprise and service provider infrastructure. With sixty-four recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has predominantly featured remote code execution, cross-site scripting, and privilege escalation flaws within its management interfaces and network operating systems. These vulnerabilities often stem from input validation errors or improper access controls in legacy software versions, allowing attackers to gain unauthorized administrative access or disrupt network services. While Arista maintains a robust security posture through regular firmware updates and secure boot mechanisms, past incidents highlight the risks associated with complex network management platforms. The company actively addresses these issues via security advisories, emphasizing the importance of timely patching for deployed infrastructure to mitigate potential exploitation by malicious actors targeting critical network backbone components.

Top products by Arista Networks: EOS Arista Edge Threat Management Arista EOS DANZ Monitoring Fabric CloudVision Portal Arista Edge Threat Management - Arista Next Generation Firewall Terminattr MOS Arista Edge Threat Management - Arista NG Firewall (NGFW) Arista Wireless Access Points EOS-Policy Based Routing (PBR) CloudVision Appliance CloudVision
CVE IDTitleCVSSSeverityPublished
CVE-2021-28507 An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. — EOSCWE-284 5.5 Medium2022-01-14
CVE-2021-28506 An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. — EOSCWE-285 9.1 Critical2022-01-14
CVE-2021-28501 An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. — TerminattrCWE-285 9.1 Critical2022-01-14
CVE-2021-28496 In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. — Arista EOSCWE-311 5.7 Medium2021-10-21

This page lists every published CVE security advisory associated with Arista Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.