CVE-2025-1260Improper Access Control in Networks EOS

CWE-284Improper Access ControlCWE-1260Improper Handling of Overlap Between Protected Memory Ranges4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.1%
top 73.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedMar 4

Description

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5arista_networks/eos4.33.04.33.1+5

🔴Vulnerability Details

2
CVEList
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.2025-03-04
GHSA
GHSA-qphr-fcm6-q558: On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected2025-03-04

📋Vendor Advisories

1
Microsoft
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.2024-05-14
CVE-2025-1260 — Improper Access Control in Networks EOS | cvebase