CVE-2024-27890 - Vulnerability Details - OpenCVE

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099

History

Thu, 04 Jun 2026 22:45:00 +0000

Type	Values Removed	Values Added
Description		Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Title		On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).
Weaknesses		CWE-306
References		https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H'}` cvssV4_0 `{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2026-06-04T22:27:36.610Z

Updated: 2026-06-04T22:27:36.610Z

Reserved: 2024-02-26T18:06:32.160Z

Link: CVE-2024-27890

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-04T23:16:47.487

Modified: 2026-06-04T23:16:47.487

Link: CVE-2024-27890

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-27890", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2024-02-26T18:06:32.160Z", "datePublished": "2026-06-04T22:27:36.610Z", "dateUpdated": "2026-06-04T22:27:36.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2026-06-04T22:27:36.610Z"}, "title": "On affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected (No SSL Profiles Enabled).", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "platforms": ["710 Series", "720D Series", "720XP/722XPM Series", "750X Series", "7010 Series", "7010X Series", "7020R Series", "7130 Series running EOS", "7150 Series", "7160 Series", "7170 Series", "7050X/X2/X3/X4 Series", "7060X/X2/X4/X5/X6 Series", "7250X Series", "7260X/X3 Series", "7280E/R/R2/R3 Series", "7300X/X3 Series", "7320X Series", "7358X4 Series", "7368X4 Series", "7388X5 Series", "7500E/R/R2/R3 Series", "7800R3 Series", "CloudEOS", "cEOS-lab", "vEOS-lab", "AWE 5000 Series"], "versions": [{"status": "affected", "version": "4.29.0", "lessThanOrEqual": "4.29.7M", "versionType": "custom"}, {"status": "affected", "version": "4.28.0", "lessThanOrEqual": "4.28.10M", "versionType": "custom"}, {"status": "affected", "version": "4.27.0", "lessThanOrEqual": "4.27.8M", "versionType": "custom"}, {"status": "affected", "version": "4.26.0", "lessThanOrEqual": "4.26.9M", "versionType": "custom"}, {"status": "affected", "version": "4.25.0", "lessThanOrEqual": "4.25.10M", "versionType": "custom"}, {"status": "affected", "version": "4.24.0", "lessThanOrEqual": "4.24.11M", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.</span><br>"}]}], "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099"}], "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:\n\nswitch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name\n\nIf OpenConfig is not configured there is no exposure to this issue and the message will look like:\n\nswitch(config)#show management api gnmi\nEnabled: no transports enabled", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In order to be vulnerable to CVE-2024-27890, the only condition is that OpenConfig must be enabled:</p><pre>switch(config-gnmi-transport-default)#show management api gnmi\nTransport: default\nEnabled: yes\nServer: running on port 6030, in default VRF\nSSL profile: none\nQoS DSCP: none\nAuthorization required: no\nAccounting requests: no\nNotification timestamp: last change time\nListen addresses: ::\nAuthentication username priority: x509-spiffe, metadata, x509-common-name</pre><br><p>If OpenConfig is not configured there is no exposure to this issue and the message will look like:</p><pre>switch(config)#show management api gnmi\nEnabled: no transports enabled</pre>"}]}], "workarounds": [{"lang": "en", "value": "The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi\n\n\n\n\n\n\n\nAlternatively for both, the OpenConfig agent can be disabled.\n\n\n\nswitch(config-gnmi-transport-default)#no management api gnmi", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The workaround to mitigate this vulnerability is to disable the OpenConfig agent entirely:</p><pre>switch(config-gnmi-transport-default)#no management api gnmi<br><p><br></p><p>Alternatively for both, the OpenConfig agent can be disabled.</p><pre>switch(config-gnmi-transport-default)#no management api gnmi</pre></pre>"}]}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2024-27890 has been fixed in the following releases:\n * 4.30.0M and onwards\n * 4.29.8M and later releases in the 4.29.x train\n * 4.28.11M and later releases in the 4.28.x train", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.<br>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>CVE-2024-27890 has been fixed in the following releases:</div><ul><li>4.30.0M and onwards</li><li>4.29.8M and later releases in the 4.29.x train</li><li>4.28.11M and later releases in the 4.28.x train</li></ul>"}]}, {"lang": "en", "value": "The following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.\n\n\n\nNote: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.\n\nEOS Versions 4.30.5\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70\n\n\u00a0\n\nEOS Versions 4.29.7\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\nd6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4\n\n\u00a0\n\nEOS Versions 4.28.10.1\n\n32 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449\n\n\u00a0\n\n\n\n64 bit\nVersion: 1.0\nURL:\n https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix \n\n\n\nSWIX hash:(SHA512)\n2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52\n\n\u00a0\n\n\n\nFor instructions on installation and verification of the hotfix patch, refer to the\u00a0 \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The following hotfix can be applied to remediate CVE-2024-27890. The hotfix only applies to the releases listed below and no other releases.</p><p>Note: Installing/uninstalling the SWIX will cause the OpenConfig/Octa process to restart. Services may be unavailable for up to one minute.</p>EOS Versions 4.30.5<p><b>32 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_32_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>85ec967b17231edd542800a4a5b305de93308ba5365c858470e7ce848bbc6c357be614f2f668b4a1d93c7afa2cb5e62ac12efda00874f6801dff35351da9ed93</pre><div> </div><p><b>64 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.30.5_64_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>263331d15057c38e2e9c4af20f9795989ec962dc159c3136f4eb2e2370859866534b44a17ba9c2ec3249071ccfe83eb0047960693864de532de44fe36766fd70</pre><div> </div>EOS Versions 4.29.7<p><b>32 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_32_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>0317d77d621fa648aa15d607c6db1a8f648da82e14e0886aea0525e0d726ff83a0ed507755b733d1644797dece85203dfe6998b65108b10ba5a9b9be8f57c4f0</pre><div> </div><p><b>64 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.29.7_64_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>d6d1d806fbd80d9d3972d8bb965b82cf1241c166ce960ff2af12de084c17160433188683fe48d5e3f24ba996e4b4262e95998683c50f80ce2f870fd3f02cbdc4</pre><div> </div>EOS Versions 4.28.10.1<p><b>32 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_32_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>12ec36dd68decff5d81f68504dfdba0c01697153366c6de01ac5189c0250516a01d0128179155b21bd028cbbc1b634e8bc143244a2bed089824d4dc4b6c92449</pre><div> </div><p><b>64 bit</b><br>Version: 1.0<br>URL:<br><a href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix\">https://www.arista.com/support/advisories-notices/sa-download/?sa99-CVE-2024-27890_CVE-2024-27892_4.28.10.1_64_Hotfix.swix</a></p><pre>SWIX hash:(SHA512)<br>2f01a806867d6ffc95bef907164b3c92058382ccda5af006f66f350575a235a6f1ed491974b68dc952947d7cf9897028efa2266411e380da6a646719a420ec52</pre><div> </div><p>For instructions on installation and verification of the hotfix patch, refer to the <a href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\" target=\"_blank\" rel=\"noopener noreferrer\">\u201cmanaging eos extensions\u201d</a> section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.</p>"}]}], "source": {"defect": ["BUG 747512"], "advisory": "0099", "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}, "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H"}}]}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch."}], "id": "CVE-2024-27890", "lastModified": "2026-06-04T23:16:47.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "psirt@arista.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2026-06-04T23:16:47.487", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19862-security-advisory-0099"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "psirt@arista.com", "type": "Secondary"}]}