Main Vulnerability Database Vulnerabilities #VU109388

#VU109388 Cleartext transmission of sensitive information in Arista Extensible Operating System (EOS) - CVE-2024-12378

Published: May 17, 2025

Vulnerability identifier: #VU109388

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-12378

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Arista Extensible Operating System (EOS)

Software vendor:
Arista Networks

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in Tunnelsec agent. Restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

Remediation

Install updates from vendor's website.

External links

https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113

#VU109388 Cleartext transmission of sensitive information in Arista Extensible Operating System (EOS) - CVE-2024-12378

Description

Remediation

External links

Please verify you're human