CVE-2015-8236 — EOS vulnerability

CWE-2643 documents3 sources

Severity

10.0CRITICALNVD

EPSS

8.0%

top 7.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista EOS

Timeline

PublishedNov 19

Latest updateMay 17

Description

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDarista/eos4.11.11+54

🔴Vulnerability Details

GHSA

GHSA-9m6g-8jcx-cg3c: Arista EOS before 4↗2022-05-17

▶

CVEList

CVE-2015-8236: Arista EOS before 4↗2015-11-19

▶