On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Summary
| CVE | CVE-2024-27892 |
|---|---|
| State | PUBLISHED |
| Assigner | Arista |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-04 23:16:48 UTC |
| Updated | 2026-06-05 15:02:34 UTC |
| Description | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. |
Risk And Classification
Primary CVSS: v4.0 7.2 HIGH from [email protected]
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.001200000 probability, percentile 0.304960000 (date 2026-06-10)
Problem Types: CWE-306 | CWE-306 CWE-306 Missing Authentication for Critical Function
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 7.2 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 7.2 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Secondary | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
| 3.1 | CNA | CVSS | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
CVSS v4.0 Breakdown
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Arista Networks | EOS | affected 4.31.0 4.31.2F custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.30.0 4.30.5M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.29.0 4.29.7M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.28.0 4.28.10M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.27.0 4.27.8M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.26.0 4.26.9M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.25.0 4.25.10M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
| CNA | Arista Networks | EOS | affected 4.24.0 4.24.11M custom | 710 Series, 720D Series, 720XP/722XPM Series, 750X Series, 7010 Series, 7010X Series, 7020R Series, 7130 Series running EOS, 7150 Series, 7160 Series, 7170 Series, 7050X/X2/X3/X4 Series, 7060X/X2/X4/X5/X6 Series, 7250X Series, 7260X/X3 Series, 7280E/R/R2/R3 Series, 7300X/X3 Series, 7320X Series, 7358X4 Series, 7368X4 Series, 7388X5 Series, 7500E/R/R2/R3 Series, 7800R3 Series, CloudEOS, cEOS-lab, vEOS-lab, AWE 5000 Series |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.arista.com/en/support/advisories-notices/security-advisory/19862-securit... | [email protected] | www.arista.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
Solutions
CNA: The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2024-27892 has been fixed in the following releases: * 4.31.3M and later releases in the 4.31.x train * 4.30.6M and later release in the 4.30.x train * 4.29.8M and later releases in the 4.29.x train * 4.28.11M and later releases in the 4.28.x train
CNA: The following hotfix can be applied to remediate CVE-2024-27892. The hotfix only applies to the releases listed below and no other releases. Note: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute. EOS Versions 4.30.5 32 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix SWIX hash:(SHA512) 85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93 64 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix SWIX hash:(SHA512) 263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70 EOS Versions 4.29.7 32 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix SWIX hash:(SHA512) 0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0 64 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix SWIX hash:(SHA512) d6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4 EOS Versions 4.28.10.1 32 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix SWIX hash:(SHA512) 12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449 64 bit Version: 1.0 URL: https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix SWIX hash:(SHA512) 2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52 For instructions on installation and verification of the hotfix patch, refer to the “managing eos extensions” https://www.arista.com/en/um-eos/eos-managing-eos-extensions section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command ‘copy installed-extensions boot-extensions’.
Workarounds
CNA: The workaround is to disable gNMI Set requests. This can be done by applying per RPC authorization and ensuring no user is authorized to run the OpenConfig.Set command. switch(config-gnmi-transport-default)#show management api gnmi transport grpc default authorization requests Alternatively, TLS can be disabled: switch(config-gnmi-transport-default)#no ssl profile Alternatively, the OpenConfig agent can be disabled entirely: switch(config-gnmi-transport-default)#no management api gnmi