CVE-2023-5502

MEDIUM

Arista EOS 802.1X Access Ports - Authentication Bypass

Title source: manual

Description

On affected platforms running Arista EOS with 802.1X authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1X authentication.

Scores

CVSS v3: 5.9
EPSS: 0.0032
EPSS Percentile: 23.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-287
Status: published
Products (8):
Arista Networks/EOS 4.24.0 - 4.24.11M
Arista Networks/EOS 4.25.0 - 4.25.11M
Arista Networks/EOS 4.26.0 - 4.26.11M
Arista Networks/EOS 4.27.0 - 4.27.11M
Arista Networks/EOS 4.28.0 - 4.28.8M
Arista Networks/EOS 4.29.0 - 4.29.6M
Arista Networks/EOS 4.30.0 - 4.30.4M
Arista Networks/EOS 4.31.0 - 4.31.0F
Published: Jun 04, 2026
Tracked Since: Jun 05, 2026