CVE-2024-27890 - Vulnerability Details

- On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).

Description

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

Published: 2026-06-04

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in Arista EOS allows a gNMI Set request to be processed despite OpenConfig being configured to reject such requests when no SSL profiles are enabled. This flaw results in the switch applying unintended configuration changes, which can alter routing, security, or other network behavior. The weakness is a missing authentication or authorization check (CWE‑306), leading to potential integrity violations but not directly enabling code execution or data exfiltration.

Affected Systems

Arista Networks EOS is affected. Versions lower than 4.30.0M, 4.29.8M, and 4.28.11M remain vulnerable. All firmware in the 4.28.x, 4.29.x, and 4.30.x trains before the listed release thresholds are susceptible. Upgrading to 4.30.0M or later, 4.29.8M or later, or 4.28.11M or later releases resolves the issue.

Risk and Exploitability

The CVSS score of 7.2 places this vulnerability in the medium to high severity range. No EPSS data is available, and it is not currently catalogued in CISA KEV. Attackers need network access to the gNMI interface and must exploit the lack of SSL profile enforcement; thus, the likely attack vector is a remotely reachable network device with OpenConfig enabled. The impact is the unauthorized application of configuration changes, potentially disrupting network operation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Arista Networks

EOS

unaffected

Version	Status	Constraints
`4.29.0`	affected	≤ 4.29.7M
`4.28.0`	affected	≤ 4.28.10M
`4.27.0`	affected	≤ 4.27.8M
`4.26.0`	affected	≤ 4.26.9M
`4.25.0`	affected	≤ 4.25.10M
`4.24.0`	affected	≤ 4.24.11M

No data.

Vendor Product Confidence Versions

Arista

Eos

100%

Version	Status	Scheme	Platform
`[4.29.0,4.29.7M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']
`[4.28.0,4.28.10M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']
`[4.27.0,4.27.8M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']
`[4.26.0,4.26.9M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']
`[4.25.0,4.25.10M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']
`[4.24.0,4.24.11M]`	affected	generic	['710_series', '720d_series', '720xp/722xpm_series', '750x_series', '7010_series', '7010x_series', '7020r_series', '7130_series_running_eos', '7150_series', '7160_series', '7170_series', '7050x/x2/x3/x4_series', '7060x/x2/x4/x5/x6_series', '7250x_series', '7260x/x3_series', '7280e/r/r2/r3_series', '7300x/x3_series', '7320x_series', '7358x4_series', '7368x4_series', '7388x5_series', '7500e/r/r2/r3_series', '7800r3_series', 'cloudeos', 'ceos-lab', 'veos-lab', 'awe_5000_series']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2024-27890 has been fixed in the following releases: * 4.30.0M and onwards * 4.29.8M and later releases in the 4.29.x train * 4.28.11M and later releases in the 4.28.x train

Vendor Workaround

The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely: switch(config-gnmi-transport-default)#no management api gnmi Alternatively for both, the OpenConfig agent can be disabled. switch(config-gnmi-transport-default)#no management api gnmi

OpenCVE Recommended Actions

Upgrade Arista EOS to a remediated release (4.30.0M+, 4.29.8M+, or 4.28.11M+) or apply the vendor‑provided hotfix SWIX for your specific version.
Make the patch persistent across reboots by executing "copy installed-extensions boot-extensions".
As an interim measure, disable the OpenConfig gNMI agent with "switch(config-gnmi-transport-default)#no management api gnmi".

Generated by OpenCVE AI on June 4, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00276.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099

History

Fri, 05 Jun 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 05 Jun 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Arista Arista eos
Vendors & Products		Arista Arista eos

Thu, 04 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Title		On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).
Weaknesses		CWE-306
References		https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H'}` cvssV4_0 `{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Arista Eos

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2026-06-04T22:27:36.610Z

Updated: 2026-06-05T18:29:28.151Z

Reserved: 2024-02-26T18:06:32.160Z

Link: CVE-2024-27890

Vulnrichment

Updated: 2026-06-05T18:29:24.588Z

NVD

Status : Awaiting Analysis

Published: 2026-06-04T23:16:47.487

Modified: 2026-06-05T15:02:34.977

Link: CVE-2024-27890

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:07:17Z

Weaknesses

CWE-306

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object