CVE-2024-8000

{"id": "CVE-2024-8000", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2025-03-04T21:15:12.220", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21086-security-advisory-0109", "source": "psirt@arista.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. \n\nNote: supplicants with pending captive-portal authentication during ASU would be impacted with this bug."}, {"lang": "es", "value": "En las plataformas afectadas que ejecutan Arista EOS con 802.1X configurado, pueden ocurrir ciertas condiciones en las que se recibe una ACL din\u00e1mica del servidor AAA, lo que hace que solo se instale la primera l\u00ednea de la ACL despu\u00e9s de un reinicio de la Actualizaci\u00f3n de software acelerada (ASU). Nota: los solicitantes con autenticaci\u00f3n de portal cautivo pendiente durante la ASU se ver\u00edan afectados por este error."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@arista.com"}