Description
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Published: 2026-06-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Arista’s EOS, when 802.1X is enabled with multi‑auth mode, unauthenticated hosts on a switch port may be granted traffic access if an EAPOL capable device exists in the fallback VLAN. This flaw allows an attacker to bypass authentication and obtain network connectivity, potentially exposing internal resources. The weakness stems from improper handling of port authorization state and is classified under CWE‑1287.

Affected Systems

Arista Networks EOS devices are affected. The vulnerability applies to all releases prior to the patched versions. Update to EOS 4.31.2F or newer in the 4.31.x train, EOS 4.30.6M or newer in the 4.30.x train, EOS 4.29.8M or newer in the 4.29.x train, and EOS 4.28.11M or newer in the 4.28.x train to resolve the issue. Other older or unreleased firmware versions are also affected until patched.

Risk and Exploitability

Because the attack requires an EAPOL device in the fallback VLAN, it is most likely exploitable by an adversary with network connectivity or who can introduce a device into that VLAN. The EPSS score is 0.00176, indicating a very low probability of exploitation. The CVSS base score is 6.5, classifying the flaw as moderate severity. The vulnerability is not listed in the CISA KEV catalog. While the low EPSS suggests limited real‑world exploitation, the moderate CVSS indicates that, if exploited, an attacker could gain unauthorized network access and potentially move laterally within the environment.

Generated by OpenCVE AI on June 5, 2026 at 22:53 UTC.

Remediation

Vendor Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2024-6858 has been fixed in the following releases: * 4.31.2F and later releases in the 4.31.x train. * 4.30.6M and later releases in the 4.30.x train. * 4.29.8M and later releases in the 4.29.x train. * 4.28.11M and later releases in the 4.28.x train.

Vendor Workaround

This vulnerability arises when there is an EAPOL supplicant in any of the fallback VLAN’s ( i.e. auth-fail, unresponsive VLAN ). If only unauthenticated EAPOL supplicants are expected the admin can change dot1x host-mode to single-host as indicated below. switch(config-if-et1)#dot1x host-mode single-host * Dot1x Host Mode * Single Host Mode: Please note when once the 802.1X supplicant is authenticated on the port, ONLY the traffic coming from the supplicant's MAC is allowed through the port. * Multi-Host Mode: Once the 802.1X supplicant is authenticated on the port, traffic coming from ANY source MAC is allowed through the port. * Multi-Host authenticated Mode: Multiple 802.1X supplicants can be allowed and ONLY the traffic coming from all authenticated supplicant’s MAC is allowed through the port.

OpenCVE Recommended Actions

  • Upgrade the switch firmware to EOS 4.31.2F or newer (or the equivalent patched version in the 4.30.x, 4.29.x, or 4.28.x trains).
  • If upgrading is delayed, configure the affected interfaces to use single‑host mode by adding the command "dot1x host-mode single-host".
  • Verify that no EAPOL‑capable devices are present in the fallback VLAN or restrict access to that VLAN so that authentication fall‑back cannot be triggered.

Generated by OpenCVE AI on June 5, 2026 at 22:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Arista
Arista eos
Vendors & Products Arista
Arista eos

Thu, 04 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Description In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Title In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
Weaknesses CWE-1287
References

Subscriptions

Arista Eos
cve-icon MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2026-06-05T20:13:59.275Z

Reserved: 2024-07-17T20:13:57.799Z

Link: CVE-2024-6858

cve-icon Vulnrichment

Updated: 2026-06-05T20:13:52.087Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-04T22:16:51.843

Modified: 2026-06-05T21:16:27.760

Link: CVE-2024-6858

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T23:00:11Z

Weaknesses