#VU109369 Security features bypass in Arista Extensible Operating System (EOS) - CVE-2024-27891

 


Published: May 17, 2025


Vulnerability identifier: #VU109369
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27891
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an unspecified error in Arista EOS when MACsec and egress ACLs are configured on the same interfaces. In that configuration, the ACL policies may not be enforced for packets egressing on those ports.
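
To find ports exposed to this condition, a saved running-config can be audited for interfaces that carry both a MACsec profile and an egress ACL. The script below is an added example, not code from the advisory or from Arista; the command syntax it matches and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample running-config (not from the advisory); interface,
# profile and ACL names are made up for illustration.
SAMPLE_CONFIG = """\
interface Ethernet1
   mac security profile MKA-UPLINK
   ip access-group EGRESS-FILTER out
!
interface Ethernet2
   mac security profile MKA-UPLINK
   ip access-group INGRESS-FILTER in
!
interface Ethernet3
   ipv6 access-group V6-EGRESS out
!
interface Ethernet4
   mac security profile MKA-CORE
   ipv6 access-group V6-EGRESS out
   mac access-group L2-EGRESS out
!
"""

# Assumed EOS syntax: "mac security profile <name>" binds MACsec to a port,
# "[ip|ipv6|mac] access-group <name> out" applies an egress ACL.
MACSEC_RE = re.compile(r"^mac security profile (\S+)$")
EGRESS_ACL_RE = re.compile(r"^(ip|ipv6|mac) access-group (\S+) out$")

def find_macsec_with_egress_acl(config_text):
    """Return interfaces that have both a MACsec profile and an egress ACL."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue  # ignore blank lines
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = {"profile": None, "egress_acls": []}
        elif not raw[0].isspace():
            current = None  # "!" or another top-level block ends the stanza
        elif current is not None:
            line = raw.strip()
            if (m := MACSEC_RE.match(line)):
                interfaces[current]["profile"] = m.group(1)
            elif (m := EGRESS_ACL_RE.match(line)):
                interfaces[current]["egress_acls"].append(f"{m.group(1)}:{m.group(2)}")
    return {n: i for n, i in interfaces.items() if i["profile"] and i["egress_acls"]}

if __name__ == "__main__":
    print(find_macsec_with_egress_acl(SAMPLE_CONFIG))
```

Interfaces it reports are the ones whose egress filtering should be verified independently until the vendor update is installed.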


Remediation

Install updates from the vendor's website.
