Arista Security Vulnerabilities (CVEs)
Track 22 security vulnerabilities affecting Arista products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This critical vulnerability in Arista NG Firewall allows remote attackers to execute arbitrary code with root privileges by exploiting a cross-site sc...
Apr 23, 2025

Multiple SQL injection vulnerabilities in the reporting application allow authenticated users with advanced report access rights to execute arbitrary ...
Jan 10, 2025

CVE-2024-9188 is a cross-site scripting vulnerability in Arista products that allows attackers to inject malicious scripts via specially crafted queri...
Jan 10, 2025

CVE-2024-47519 is a man-in-the-middle vulnerability in Arista's ETM backup upload functionality that allows attackers to intercept and potentially mod...
Jan 10, 2025

This vulnerability allows users with advanced report application access rights to perform unauthorized actions beyond their intended permissions. It a...
Jan 10, 2025

This CVE allows administrators to execute arbitrary commands through command injection in Arista products. Attackers with admin privileges can exploit...
Jan 10, 2025

This vulnerability allows administrators to configure insecure captive portal scripts in Arista EOS devices, potentially enabling remote code executio...
Jan 10, 2025

This vulnerability allows administrators to retrieve authentication tokens, potentially enabling privilege escalation or lateral movement. It affects ...
Jan 10, 2025

This vulnerability allows attackers to obtain expired administrator authentication tokens from network devices that have timed out from ETM (Embedded ...
Jan 10, 2025

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Arista NG Firewall systems via directory traversal in the cust...
Dec 20, 2024

This SQL injection vulnerability in Arista NG Firewall's ReportEntry class allows authenticated attackers to read and write arbitrary files on affecte...
Dec 20, 2024

This CVE describes SQL injection vulnerabilities in Arista Edge Threat Management (NGFW) reporting application. Authenticated users with advanced repo...
Mar 4, 2024

This vulnerability in Arista EOS DHCP relay agent allows an attacker to cause a denial of service by sending a malformed DHCP packet, leading to the a...
Jun 5, 2023

This vulnerability allows authenticated attackers with gNMI access to modify arbitrary configurations on Arista EOS switches when the Streaming Teleme...
Apr 25, 2023

This vulnerability allows an existing unprivileged user with valid credentials to log into the standby supervisor module as root, leading to privilege...
Apr 13, 2023

This vulnerability in Arista CloudEOS allows attackers to cause denial of service by sending malformed packets that leak packet buffers. If enough mal...
Apr 12, 2023

This vulnerability in Arista EOS platforms allows VXLAN match rules in IPv4 access-lists to ignore specified IP protocols when applied to L2/L3 port i...
Apr 14, 2022

Arista EOS eAPI authentication bypass vulnerability allows remote attackers to access network devices without proper credential validation when certif...
Feb 4, 2022

This vulnerability in Arista EOS allows local users with 'nopassword' configuration to gain unrestricted access to network devices due to incorrect AA...
Jan 14, 2022

CVE-2021-28506 is an authentication bypass vulnerability in Arista EOS gNOI APIs that allows unauthorized factory resets of network devices. This affe...
Jan 14, 2022

This vulnerability allows unprivileged users to bypass authentication in Arista's Metamako Operating System Web UI under certain conditions. It affect...
Sep 9, 2021

Arista MOS software stores user enable passwords in clear text, allowing unprivileged users to gain complete system access. This affects Arista 7130 p...
Sep 9, 2021

Why Monitor Arista Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 22+ known vulnerabilities affecting Arista products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Arista packages in under 60 seconds. No agents required - completely agentless scanning that works across Arista deployments.
Free vulnerability database: Access detailed information about every Arista CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.