CVE-2024-27890

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2024-27890

Affected Products

Eos

CVE-2024-27890

Weakness Enumeration

Related Identifiers

Affected Products

References · 2