Eos Cloudvision Exchange Cvx
Monthly
Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.
Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.
Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.
Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.