vulnerability

Arista: EOS: CVE-2024-6409: security-advisory-0100

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:M/Au:N/C:P/I:P/A:C)	Jul 8, 2024	Jul 23, 2025	Jan 14, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:C)

Published

Jul 8, 2024

Added

Jul 23, 2025

Modified

Jan 14, 2026

Description

CVE-2024-6409 is a vulnerability specific to Red Hat-derived distributions, including RHEL and its downstream variants, that is similar in nature to CVE-2024-6387 but affecting a different signal-handling path. The flaw involves the unsafe use of non-async-signal-safe functions inside a signal handler, which can be exploited by a remote unauthenticated attacker to potentially perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Solution

upgrade-solution-cve-2024-6409

References

CVE-2024-6409
https://attackerkb.com/topics/CVE-2024-6409
URL-https://www.arista.com/en/support/advisories-notices/security-advisory/19904-security-advisory-0100
CWE-364

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today