vulnerability

security-advisory-0038

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:N/C:N/I:N/A:P)	Sep 13, 2018	Sep 4, 2024	Apr 29, 2025

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:N/A:P)

Published

Sep 13, 2018

Added

Sep 4, 2024

Modified

Apr 29, 2025

Description

This advisory documents a security vulnerability that affects EOS. The affected feature is 802.1x authentication, and by extension MACSec when dynamic keys are used. The vulnerability allows for crashing the Dot1x agent via a crafted packet sent from the data port which could result in a denial of service attack at the data plane preventing other users from successfully authenticating with the device. This vulnerability was identified internally by Arista Networks and Arista has not received evidence of this being exploited, as of the date of this update.

Solution

upgrade-solution-CVE-2018-14008

References

CVE-2018-14008
https://attackerkb.com/topics/CVE-2018-14008
URL-https://www.arista.com//en/support/advisories-notices/security-advisory/6072-security-advisory-38

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today