CVE-2024-8000
Published: 04 March 2025
Summary
CVE-2024-8000 is a medium-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Arista EOS (inferred from references). Its CVSS base score is 5.3 (Medium).
Operationally, ranked at the 47.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54121
Vulnerability details
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU)…
more
restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.