Arista OS Image Validation Bypass

MEDIUM (5.9) No Patch (51 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Arista is a networking equipment manufacturer that provides software for managing and configuring its devices. The vulnerability in question allows an attacker to bypass the validation of upgrade images by placing a specially crafted file in the upgrade ISO, potentially leading to unauthorized changes to the device's configuration.

Am I affected?

You're affected if you use Arista OS version 4.25.5 or later. To check if your device is vulnerable, run the following command:

sudo grep -q "image-validation" /etc/arista/upgrade_image.conf

Note that this vulnerability does not affect other networking equipment manufacturers.

Affected Products

Arista Networks / OS

How to fix

To fix this vulnerability, upgrade to Arista OS version 4.27 or later. Alternatively, if an immediate upgrade is not possible:

  • Immediately restrict network access to your device (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation