What is CVE-2024-27892?

CVE-2024-27892 is a critical-severity vulnerability in Arista Networks Eos, classified under Missing Authentication for Critical Function. CVSS score: 9.6/10. Published 2026-06-04.

How severe is CVE-2024-27892?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Auth bypass in Arista Networks Eos

CVE-2024-27892

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H.

Affected products

Arista Networks Eos — versions 4.31.0, 4.30.0, 4.29.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

psirt@arista.com

Frequently asked questions

What is CVE-2024-27892?: CVE-2024-27892 is a critical-severity vulnerability in Arista Networks Eos, classified under Missing Authentication for Critical Function. CVSS score: 9.6/10. Published 2026-06-04.
How severe is CVE-2024-27892?: Critical severity. CVSS v3 base score is 9.6 out of 10.