CVE-2024-27890
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).
CVSS Score
9.6
EPSS Score
0.3%
EPSS Percentile
51th
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
| CWE | CWE-306 |
| Vendor | arista networks |
| Product | eos |
| Published | Jun 4, 2026 |
| Last Updated | Jun 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for arista networks eos
Be the first to know when new critical vulnerabilities affecting arista networks eos are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High
Affected Versions
Arista Networks / EOS
4.29.0 ≤ 4.29.7M 4.28.0 ≤ 4.28.10M 4.27.0 ≤ 4.27.8M 4.26.0 ≤ 4.26.9M 4.25.0 ≤ 4.25.10M 4.24.0 ≤ 4.24.11M