CVE-2024-8000 — Improper Validation of Specified Quantity in Input in Networks EOS

CWE-1284 — Improper Validation of Specified Quantity in Input CWE-918 — Server-Side Request Forgery CWE-79 — Cross-site Scripting CWE-74 — Injection CWE-266 — Incorrect Privilege Assignment CWE-22 — Path Traversal CWE-284 — Improper Access Control CWE-601 — Open Redirect16 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 52.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista Networks EOS

Timeline

PublishedMar 4

Latest updateAug 18

Description

On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages1 packages

▶CVEListV5arista_networks/eos4.32.0 — 4.32.4M+2

🔴Vulnerability Details

GHSA

GHSA-8fjr-734h-7jj5: On affected platforms running Arista EOS with 802↗2025-03-04

▶

CVEList

▶

GHSA

@lobehub/chat Server Side Request Forgery vulnerability↗2024-11-26

▶

GHSA

MobSF vulnerable to Open Redirect in Login Redirect↗2024-07-31

▶

GHSA

Hono vulnerable to Restricted Directory Traversal in serveStatic with deno↗2024-04-23

▶

💥Exploits & PoCs

Exploit-DB

BigAnt Office Messenger 5.6.06 - SQL Injection↗2025-08-18

▶

📋Vendor Advisories

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2024-8904↗2024-10-01

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-9120↗2024-09-24

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-6988↗2024-07-23

▶

Cisco

Cisco IOS XR Software SSH Privilege Escalation Vulnerability↗2024-03-13

▶

Chrome

Stable Channel Update for Desktop: CVE-2024-3168↗2024-02-20

▶