Description
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- local
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-269NVD-CWE-noinfo
Metadata
- Primary Vendor
- ARISTA
- Published
- 4/13/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
arista : eosarista : eosarista : eosarista : eosarista : eosarista : eos
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.