#VU109873 Improper access control in Arista Extensible Operating System (EOS) - CVE-2025-2826
Published: May 27, 2025
Vulnerability identifier: #VU109873
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-2826
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks
Arista Networks
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper enforcement of ACL policies. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied.
Remediation
Install updates from vendor's website.