CVE-2015-8236

Name of the Vulnerable Software and Affected Versions Arista EOS versions prior to 4.11.12 Arista EOS versions 4.12 prior to 4.12.11 Arista EOS versions 4.13 prior to 4.13.14M Arista EOS versions 4.14 prior to 4.14.5FX.5 Arista EOS versions 4.15 prior to 4.15.0FX1.1

Description The issue is related to insufficient access control in the Arista EOS operating system, allowing remote attackers to execute arbitrary code as root by leveraging management-plane access. This is a privilege escalation vulnerability that could allow a remote attacker with IP connectivity to the management plane of the switch to run arbitrary code as a privileged user, including getting root level access to the bash shell on the switch, without requiring credentials for a user account on the switch. All methods of management plane access are exposed.

Recommendations For Arista EOS versions prior to 4.11.12, update to version 4.11.12 or later. For Arista EOS versions 4.12 prior to 4.12.11, update to version 4.12.11 or later. For Arista EOS versions 4.13 prior to 4.13.14M, update to version 4.13.14M or later. For Arista EOS versions 4.14 prior to 4.14.5FX.5, update to version 4.14.5FX.5 or later. For Arista EOS versions 4.15 prior to 4.15.0FX1.1, update to version 4.15.0FX1.1 or later.