Arista EOS Remote Arbitrary Code Execution Vulnerability (CVE-2015-8236)
Arista EOS Remote Arbitrary Code Execution Vulnerability (CVE-2015-8236)
Release date:
Updated on:
Affected Systems:
Arista EOS <4.11.12
Arista EOS 4.15-4.15.0FX1.1
Arista EOS 4.14-4.14.5FX.5
Arista EOS 4.13-4.13.14M
Arista EOS 4.12-4.12.11
Description:
CVE (CAN) ID: CVE-2015-8236
EOS is a network operating system of Arista and an independent image that can run on all Arista devices and virtual machines.
In some versions of Arista EOS, the permission escalation vulnerability exists. By accessing the Management Panel, remote attackers can execute arbitrary code with root privileges.
<* Source: Arista Networks
Link: https://www.arista.com/zh/support/advisories-notices/security-advisories/1221-security-advisory-15
*>
Suggestion:
Vendor patch:
Arista
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www.arista.com
Https://www.arista.com/zh/support/advisories-notices/security-advisories/1221-security-advisory-15
This article permanently updates the link address: