Security features bypass in Arista Extensible Operating System (EOS) - CVE-2024-27891
Published: May 17, 2025
Vulnerability identifier: #VU109369
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-27891
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Arista Networks
Affected software:
Arista Extensible Operating System (EOS)
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an unspecified error in Arista EOS when MACsec and egress ACLs are configured on the same interfaces. In that configuration, the ACL policies may not be enforced for packets egressing on those ports.
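To find where this condition applies, the following added example (not part of the advisory and not Arista code) scans a saved running-config for interfaces that carry both a MACsec profile and an egress ACL. The interface syntax it matches (`mac security profile <name>`, `<ip|ipv6|mac> access-group <name> out`) and the sample config are assumptions; it reports the configuration condition only, not whether the installed release is affected.

```python
import re

# Constructed sample running-config (not from the advisory). Assumed EOS syntax:
# "mac security profile <name>" and "<ip|ipv6|mac> access-group <name> out".
SAMPLE_CONFIG = """\
interface Ethernet1
   mac security profile MKA-PROFILE
   ip access-group EDGE-OUT out
!
interface Ethernet2
   mac security profile MKA-PROFILE
   ip access-group EDGE-IN in
!
interface Ethernet3
   ipv6 access-group V6-OUT out
!
interface Ethernet4
   mac security profile MKA-PROFILE
   mac access-group L2-OUT out
!
"""

MACSEC_RE = re.compile(r"^mac security profile (\S+)$")
EGRESS_ACL_RE = re.compile(r"^(ip|ipv6|mac) access-group (\S+) out$")


def parse_interfaces(config):
    """Return {interface: {"macsec": profile or None, "egress_acls": [(family, acl)]}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw.split(None, 1)[1].strip()
            current = interfaces.setdefault(name, {"macsec": None, "egress_acls": []})
        elif not raw.startswith((" ", "\t")):
            current = None  # unindented line ("!" or a new section) ends the block
        elif current is not None:
            line = raw.strip()
            if m := MACSEC_RE.match(line):
                current["macsec"] = m.group(1)
            elif m := EGRESS_ACL_RE.match(line):
                current["egress_acls"].append((m.group(1), m.group(2)))
    return interfaces


def exposed_interfaces(config):
    """Interfaces that have both a MACsec profile and at least one egress ACL."""
    return {name: info for name, info in parse_interfaces(config).items()
            if info["macsec"] and info["egress_acls"]}
```

Pass the text of a device's saved running-config to `exposed_interfaces()`; each interface it returns should be reviewed until the vendor update is installed.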
How to mitigate CVE-2024-27891
Install updates from vendor's website.