Main Vulnerability Database Vulnerabilities #VU109388

Cleartext transmission of sensitive information in Arista Extensible Operating System (EOS) - CVE-2024-12378

Published: May 17, 2025

Vulnerability identifier: #VU109388

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-12378

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Arista Networks

Affected software:
Arista Extensible Operating System (EOS)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in Tunnelsec agent. Restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

How to mitigate CVE-2024-12378

Install updates from vendor's website.

Sources

https://www.arista.com/en/support/advisories-notices/security-advisory/21289-security-advisory-0113

Cleartext transmission of sensitive information in Arista Extensible Operating System (EOS) - CVE-2024-12378

Detailed vulnerability description

How to mitigate CVE-2024-12378

Sources

Please verify you're human