CVE-2024-27890
Received
Received - Intake
BaseFortify
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Arista Networks, Inc.
Description
Description
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | arista_eos | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects platforms running Arista EOS with OpenConfig configured. It allows a gNMI Set request to be executed when it should have been rejected, which means that unexpected configuration changes can be applied to the switch.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized or unexpected configuration changes on the affected network switch. This can impact the integrity and availability of the network device, potentially causing disruptions or allowing malicious configuration that harms network operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70