Main Vulnerability Database Vulnerabilities #VU109384

#VU109384 Protection Mechanism Failure in Arista Extensible Operating System (EOS) - CVE-2024-8000

Published: May 17, 2025

Vulnerability identifier: #VU109384

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2024-8000

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Arista Extensible Operating System (EOS)

Software vendor:
Arista Networks

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling dynamic ACLs when running Arista EOS with 802.1x. Under certain circumstances a dynamic ACL can be sent by the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.

Remediation

Install updates from vendor's website.

External links

https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109

#VU109384 Protection Mechanism Failure in Arista Extensible Operating System (EOS) - CVE-2024-8000

Description

Remediation

External links

Please verify you're human