Skip to main content

Eos CVE-2015-8236

CRITICAL
Permissions, Privileges, and Access Controls (CWE-264)
2015-11-19 cve@mitre.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Nov 19, 2015 - 11:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

AnalysisAI

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. Affected products include: Arista Eos. Version information: before 4.11.12.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Eos

View all
CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2026-7473 MEDIUM POC
6.9 Jun 05

Tunnel decapsulation logic in Arista EOS fails to verify the encapsulation protocol type, allowing any tunneled packet d

CVE-2015-5165 CRITICAL
9.3 Aug 12

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows

CVE-2023-24509 HIGH POC
7.8 Apr 13

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundan

CVE-2015-3209 HIGH
7.5 Jun 15

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending

CVE-2023-3646 HIGH POC
7.5 Aug 29

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error ma

CVE-2023-24511 HIGH POC
7.5 Apr 12

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the

CVE-2022-26300 HIGH POC
7.5 Mar 17

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Rated high severity (C

CVE-2020-15897 HIGH POC
7.5 Oct 26

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attack

CVE-2019-17596 HIGH POC
7.5 Oct 24

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA

CVE-2020-24360 HIGH POC
7.4 Dec 28

An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issu

Share

CVE-2015-8236 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy