Main Vulnerability Database Vulnerabilities #VU40593

Permissions, Privileges, and Access Controls in EOS - CVE-2015-8236

Published: November 19, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40593

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-8236

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: EOS Essentials

Affected software:
EOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

How to mitigate CVE-2015-8236

Install update from vendor's website.

Sources

https://www.arista.com/support/advisories-notices/security-advisories/1221-security-advisory-15

Permissions, Privileges, and Access Controls in EOS - CVE-2015-8236

Detailed vulnerability description

How to mitigate CVE-2015-8236

Sources

Please verify you're human