SB2026062432 - Multiple vulnerabilities in Arista EOS
Published: June 24, 2026
Description
This security bulletin contains information about 6 vulnerabilities.
1) Cleartext storage of sensitive information (CVE-ID: CVE-2026-11704)
CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to stream unexpected data to CloudVision.
The vulnerability exists due to cleartext storage of sensitive information in the Streaming Telemetry Agent (TerminAttr) when streaming to CloudVision. A remote privileged user can access the stored data to stream unexpected data to CloudVision.
The agent must be configured to stream to CloudVision for exploitation.
2) Execution with unnecessary privileges (CVE-ID: CVE-2026-11705)
CWE-ID: CWE-250 - Execution with Unnecessary Privileges
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to modify system data.
The vulnerability exists due to execution with unnecessary privileges in the Streaming Telemetry Agent (TerminAttrRW) when processing a crafted set of packets. A remote user can send a crafted set of packets to modify system data.
Exploitation requires the agent to be active in a specific non-default configuration and configured to stream as TerminAttrRW.
3) Incorrect default permissions (CVE-ID: CVE-2026-52895)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to view and alter user credentials.
The vulnerability exists due to incorrect default permissions in the device when handling credential data for logged-in users. A local user can access and modify credential data to view and alter user credentials.
Exploitation is limited to users logged into the device.
4) Improper Certificate Validation (CVE-ID: CVE-2026-52896)
CWE-ID: CWE-295 - Improper Certificate Validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper certificate validation in the Streaming Telemetry Agent (TerminAttr) when using the gRPC tunnel. A remote attacker can present a certificate that is improperly validated to disclose sensitive information.
Only certain configurations using the gRPC tunnel are vulnerable.
5) Improper privilege management (CVE-ID: CVE-2026-52897)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform unauthorized operations.
The vulnerability exists due to improper privilege management in user privilege handling on the device when authenticated users access the system. A local user can obtain privilege levels that exceed intended restrictions to perform unauthorized operations.
The agent must be configured to stream to CloudVision for exploitation.
6) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2026-52898)
CWE-ID: CWE-668 - Exposure of Resource to Wrong Sphere
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to disclose unintended data.
The vulnerability exists due to exposure of resource to wrong sphere in the Streaming Telemetry Agent (TerminAttr) when processing a specifically designed sequence of packets. A remote user can send a specifically designed sequence of packets to disclose unintended data.
The agent must be configured to stream to CloudVision and run with the -cveapimode=queued flag.
Remediation
Install the update from the vendor's website.