Arista Networks — Vulnerabilities & Security Advisories (64)

Browse all 64 CVE security advisories affecting Arista Networks. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Arista Networks specializes in high-performance data center switching and cloud networking solutions, primarily serving enterprise and service provider infrastructure. With sixty-four recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has predominantly featured remote code execution, cross-site scripting, and privilege escalation flaws within its management interfaces and network operating systems. These vulnerabilities often stem from input validation errors or improper access controls in legacy software versions, allowing attackers to gain unauthorized administrative access or disrupt network services. While Arista maintains a robust security posture through regular firmware updates and secure boot mechanisms, past incidents highlight the risks associated with complex network management platforms. The company actively addresses these issues via security advisories, emphasizing the importance of timely patching for deployed infrastructure to mitigate potential exploitation by malicious actors targeting critical network backbone components.

Found 7 results / 64

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-24510 | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. | Arista EOS | CWE-755 | 7.5 | High | 2023-06-05 |
| CVE-2023-24509 | On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... | Arista EOS | CWE-269 | 9.3 | Critical | 2023-04-13 |
| CVE-2021-28509 | TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP | Arista EOS | CWE-255 | 6.1 | Medium | 2022-05-26 |
| CVE-2021-28508 | TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP | Arista EOS | CWE-255 | 6.8 | Medium | 2022-05-26 |
| CVE-2021-28503 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | Arista EOS | CWE-305 | 7.4 | High | 2022-02-04 |
| CVE-2021-28500 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | Arista EOS | CWE-285 | 9.1 | Critical | 2022-01-14 |
| CVE-2021-28496 | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. | Arista EOS | CWE-311 | 5.7 | Medium | 2021-10-21 |

This page lists every published CVE security advisory associated with Arista Networks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.