CVE-2025-1260
Published: 04 March 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-1260 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) affecting Arista EOS platforms with OpenConfig configured. It stems from improper access control (CWE-284), allowing a gNOI request to execute when it should be rejected. This flaw enables unexpected configurations or operations to be applied to the switch, potentially compromising its integrity and functionality. The vulnerability was published on 2025-03-04.
Exploitation requires high privileges (PR:H) and can be performed remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). A privileged attacker could send a crafted gNOI request that bypasses intended restrictions, leading to scope expansion (S:C) and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Successful exploitation could allow arbitrary configuration changes or operational disruptions on the affected switch.
Arista has issued a security advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111, which provides details on the vulnerability and recommended mitigations. Security practitioners should consult this advisory for patch information and workaround guidance specific to affected EOS versions.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an improper access control flaw in the gNOI remote management service on Arista EOS, allowing a privileged remote attacker to bypass restrictions and apply unauthorized configurations/operations. This directly maps to exploitation of a remote service vulnerability.