CVE-2024-27891
published 2026-06-04
CVE-2024-27891: On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets…
Priority P4 · 29 · medium · 5.3 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.28% (19.9th percentile)
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista_networks | eos | >= 4.27.2F < 4.28.0 | 4.28.0 |
| arista_networks | eos | 4.28.0 – 4.28.10.1M | — |
| arista_networks | eos | 4.29.0 – 4.29.7M | — |
| arista_networks | eos | 4.30.0 – 4.30.6M | — |
| arista_networks | eos | 4.31.0 – 4.31.2F | — |
| arista_networks | eos | 4.32.0 – 4.32.0.1F | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Arista EOS up to 4.32.0.1F access control
vuldb·2026-06-05·CVSS 6.9
CVE-2024-27891 [MEDIUM] Arista EOS up to 4.32.0.1F access control
A vulnerability labeled as critical has been found in Arista EOS up to 4.32.0.1F. This affects an unknown function. Such manipulation leads to improper access controls.
This vulnerability is referenced as CVE-2024-27891. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
GHSA
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.
ghsa_unreviewed·2026-06-05
CVE-2024-27891 [MEDIUM] CWE-284 On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports.
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.