CVE-2024-27890

Summary

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksEOS4.29.0 <= 4.29.7Maffected
Arista NetworksEOS4.28.0 <= 4.28.10Maffected
Arista NetworksEOS4.27.0 <= 4.27.8Maffected
Arista NetworksEOS4.26.0 <= 4.26.9Maffected
Arista NetworksEOS4.25.0 <= 4.25.10Maffected
Arista NetworksEOS4.24.0 <= 4.24.11Maffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:

switch(config-gnmi-transport-default)#no management api gnmi

Alternatively for both, the OpenConfig agent can be disabled.

switch(config-gnmi-transport-default)#no management api gnmi

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References