CVE-2024-27892
Received
Received - Intake
BaseFortify
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Arista Networks, Inc.
Description
Description
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | arista_eos | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects platforms running Arista EOS with OpenConfig configured. It allows a gNMI Set request to be executed when it should have been rejected, which means that unexpected configuration changes can be applied to the switch.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized or unexpected configuration changes on affected network switches. This can disrupt network operations, potentially causing outages or degraded performance, and may allow attackers to manipulate network behavior.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70