vulnerability
security-advisory-0062
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Mar 16, 2021 | Sep 4, 2024 | Apr 29, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Mar 16, 2021
Added
Sep 4, 2024
Modified
Apr 29, 2025
Description
This advisory documents the impact of a publicly disclosed vulnerability in the Go programming language (maintained by Google), on Arista products. The vulnerability affects features that use TLS connections or client certificate authentication. When exploited, the vulnerability can allow denial of service attacks for the affected features. EOS devices running the affected releases are vulnerable if any of the following features are enabled: TerminAttr, gRIBI, Octa, or OpenConfig. The impact is an agent crash for the affected feature. Arista is not aware of any malicious uses of this issue in customer networks.
Solution
upgrade-solution-CVE-2020-28362
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.