vulnerability

Security Advisory 0082

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Feb 14, 2023	Sep 4, 2024	Jan 14, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Feb 14, 2023

Added

Sep 4, 2024

Modified

Jan 14, 2026

Description

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.

Solution

upgrade-solution-cve-2023-24509

References

CVE-2023-24509
https://attackerkb.com/topics/CVE-2023-24509
https://www.arista.com//en/support/advisories-notices/security-advisory/16985-security-advisory-0082

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report