Description
On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Published: 2026-06-04
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An Arista EOS device with OpenConfig configured can accept a gNMI Set request that it should have rejected. The weakness is classified as CWE-306 (missing authentication for a critical function), and the CVE title ties the affected condition to an SSL profile being enabled on the gNMI transport. An attacker who can reach the gNMI API and meets the low-privilege requirement in the CVSS vector (PR:L) can push configuration changes to the switch; with integrity and availability both rated high, that covers altering routing or security configuration and disabling network services. Confidentiality is rated as not impacted (C:N).

Affected Systems

Arista Networks EOS devices with OpenConfig (gNMI) configured are affected. Releases in the 4.31.x, 4.30.x, 4.29.x and 4.28.x trains earlier than 4.31.3M, 4.30.6M, 4.29.8M and 4.28.11M respectively are affected; upgrading to those releases or later remediates the issue. For earlier releases such as 4.30.5, 4.29.7 and 4.28.10.1, Arista has provided a specific hotfix SWIX package.

Risk and Exploitability

The CVSS v4.0 score of 7.2 rates this vulnerability as high (the CVSS v3.1 score of 9.6 rates it critical). The EPSS score is below 1%, and the CVE is not listed in the CISA KEV catalog. The attack vector is network access to the gNMI gRPC interface; the advisory ties the flaw to an SSL profile being enabled on that transport, so the exploit path is a TLS-protected gNMI session rather than a plaintext one. The PR:L component of the vector indicates the attacker needs some valid credentials for the gNMI service but not the authorization a Set request should require. A successful request pushes unauthorized configuration changes, leading to service disruption or loss of availability of the network infrastructure.

Generated by OpenCVE AI on June 5, 2026 at 00:30 UTC.

Remediation

Vendor Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades

CVE-2024-27892 has been fixed in the following releases:

* 4.31.3M and later releases in the 4.31.x train
* 4.30.6M and later releases in the 4.30.x train
* 4.29.8M and later releases in the 4.29.x train
* 4.28.11M and later releases in the 4.28.x train


Vendor Workaround

The workaround is to disable gNMI Set requests. This can be done by applying per RPC authorization and ensuring no user is authorized to run the OpenConfig.Set command. The resulting authorization rules can be reviewed with:

switch(config-gnmi-transport-default)#show management api gnmi transport grpc default authorization requests

Alternatively, TLS can be disabled:

switch(config-gnmi-transport-default)#no ssl profile

Alternatively, the OpenConfig agent can be disabled entirely:

switch(config-gnmi-transport-default)#no management api gnmi


OpenCVE Recommended Actions

  • Upgrade EOS to a release that contains the fix: 4.31.3M, 4.30.6M, 4.29.8M or 4.28.11M, or any later release in the same train. If the device runs an earlier release, install the corresponding hotfix SWIX package as described by Arista.
  • As a temporary measure, configure per-RPC authorization so that no user is authorized for OpenConfig.Set, and confirm the result with show management api gnmi transport grpc default authorization requests. This blocks the unauthorized Set requests without requiring an upgrade and leaves other gNMI RPCs such as Get and Subscribe unaffected.
  • If denying Set is not feasible, remove the SSL profile from the gNMI transport (no ssl profile) or disable the gNMI agent entirely (no management api gnmi) until the fix is applied. Removing the SSL profile takes the transport out of the affected configuration but also removes TLS from the gNMI session, so credentials and configuration data then cross the network in cleartext; where telemetry can be paused, disabling the agent is the safer of the two.

Generated by OpenCVE AI on June 5, 2026 at 00:30 UTC.
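The following is an added example, not code from Arista or OpenCVE. It turns the two decision-relevant facts in this advisory into an offline triage script: whether an EOS version is at or above the first fixed release for its maintenance train, and whether the running-config enables the gNMI agent with an SSL profile on a gRPC transport (the condition named in the CVE title). The EOS config layout it parses (management api gnmi / transport grpc default / ssl profile) is inferred from the prompts shown in the vendor workaround; the sample running-config is constructed, and per-RPC authorization is not parsed because the page shows only the show command for it, not its configuration syntax.

```python
"""Offline triage helper for CVE-2024-27892 (Arista EOS gNMI Set accepted with SSL profile enabled).

Added example, not Arista's or OpenCVE's code. Two checks drawn from the advisory text:
  1. Is the EOS version at or above the first fixed release for its maintenance train?
  2. Does the running-config enable the gNMI agent with an SSL profile on a gRPC transport?
Per-RPC authorization is deliberately not parsed: the advisory shows only the 'show'
command for it, so that part of the workaround must still be confirmed on the device with
  show management api gnmi transport grpc default authorization requests
"""
import re
from typing import Dict, Optional, Tuple

# First fixed release per maintenance train, as listed in the vendor solution.
FIXED: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (4, 31): (4, 31, 3),
    (4, 30): (4, 30, 6),
    (4, 29): (4, 29, 8),
    (4, 28): (4, 28, 11),
}

# EOS versions look like 4.30.5M, 4.28.10.1M or 4.31.2F; the trailing letter is ignored.
_VER_RE = re.compile(r"(\d+(?:\.\d+)+)[A-Z]*")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Numeric components of the first EOS version found in text, or None.

    Accepts a bare version or a 'show version' line such as
    'Software image version: 4.28.10.1M'."""
    m = _VER_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def version_status(version: str) -> str:
    """'fixed', 'vulnerable', or 'unknown' (train not covered by the advisory)."""
    v = parse_version(version)
    if v is None or len(v) < 2:
        return "unknown"
    first_fixed = FIXED.get(v[:2])
    if first_fixed is None:
        return "unknown"
    # Tuple comparison handles four-part versions: (4, 28, 10, 1) < (4, 28, 11).
    return "fixed" if v >= first_fixed else "vulnerable"


def gnmi_transports(running_config: str) -> Dict[str, Optional[str]]:
    """Map each 'transport grpc NAME' under 'management api gnmi' to its SSL profile.

    The value is None when the transport has no 'ssl profile' line; {} means the gNMI
    agent is not configured. An unindented line (including '!') starts a new top-level
    block, so an 'ssl profile' under 'management security' is not taken for a transport."""
    transports: Dict[str, Optional[str]] = {}
    in_gnmi = False
    current: Optional[str] = None
    for raw in running_config.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        if not raw[0].isspace():
            in_gnmi = stripped == "management api gnmi"
            current = None
            continue
        if not in_gnmi:
            continue
        m = re.match(r"transport grpc (\S+)$", stripped)
        if m:
            current = m.group(1)
            transports[current] = None
            continue
        m = re.match(r"ssl profile (\S+)$", stripped)
        if m and current is not None:
            transports[current] = m.group(1)
    return transports


def assess(version: str, running_config: str) -> dict:
    """Combine both checks. 'exposed' is True only for a vulnerable version AND a gNMI
    transport with an SSL profile; an 'unknown' version is never marked exposed but is
    flagged for manual review when such a transport exists."""
    transports = gnmi_transports(running_config)
    tls_transports = sorted(name for name, profile in transports.items() if profile)
    status = version_status(version)
    return {
        "version_status": status,
        "gnmi_enabled": bool(transports),
        "tls_transports": tls_transports,
        "exposed": status == "vulnerable" and bool(tls_transports),
        "needs_review": status == "unknown" and bool(tls_transports),
    }


# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
management api gnmi
   transport grpc default
      ssl profile gnmi-tls
   provider eos-native
!
management security
   ssl profile gnmi-tls
      certificate gnmi.crt key gnmi.key
!
"""

if __name__ == "__main__":
    for ver in ("4.30.5M", "4.28.10.1M", "4.30.6M", "4.32.1F"):
        print(ver, assess(ver, SAMPLE_CONFIG))
```

Feed it the output of show version and show running-config from each switch; a device whose train is not in the advisory (for example 4.32.x) comes back as unknown rather than fixed, which is the conservative reading of a page that lists only four trains.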

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 23:30:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Jun 2026 10:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Arista; Arista eos
Vendors & Products                     Arista; Arista eos

Thu, 04 Jun 2026 22:45:00 +0000

Type          Values Removed   Values Added
Description                    Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Title                          On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (SSL Profiles Enabled).
Weaknesses                     CWE-306
References
Metrics                        cvssV3_1: {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H'}
                               cvssV4_0: {'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2026-06-05T18:30:17.119Z

Reserved: 2024-02-26T18:06:32.161Z

Link: CVE-2024-27892

Vulnrichment

Updated: 2026-06-05T18:30:13.047Z

NVD

Status : Awaiting Analysis

Published: 2026-06-04T23:16:48.117

Modified: 2026-06-05T15:02:34.977

Link: CVE-2024-27892

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:07:16Z

Weaknesses