Home
HIGH: 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:NCRITICAL: 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HDefault status
unaffected
4.31.0 (custom)
affected
4.30.0 (custom)
affected
4.29.0 (custom)
affected
4.28.0 (custom)
affected
4.27.0 (custom)
affected
4.26.0 (custom)
affected
4.25.0 (custom)
affected
4.24.0 (custom)
affected
Description
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Problem types
CWE-306 Missing Authentication for Critical Function
Product status
4.31.0 (custom)
4.30.0 (custom)
4.29.0 (custom)
4.28.0 (custom)
4.27.0 (custom)
4.26.0 (custom)
4.25.0 (custom)
4.24.0 (custom)
References
www.arista.com/...rity-advisory/19862-security-advisory-0099