CVE-2024-27890
Summary
by MITRE • 06/05/2026
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/05/2026
This vulnerability represents a critical access control flaw in Arista EOS network operating systems that implement OpenConfig protocols. The issue manifests when gNMI Set requests are processed without proper authentication and authorization checks, allowing unauthorized configuration modifications to be applied to network switches. The vulnerability stems from insufficient validation mechanisms within the gNMI service implementation, where legitimate configuration requests that should be rejected due to missing or invalid credentials are instead being processed and applied to the device.
The technical flaw occurs at the protocol handling layer where gNMI Set operations bypass standard security controls that should validate client credentials and permissions before executing configuration changes. This represents a failure in the principle of least privilege enforcement, where the system does not properly verify that incoming requests originate from authorized sources with appropriate access rights. The vulnerability is particularly concerning because it affects the core configuration management capabilities of network infrastructure devices, potentially allowing attackers to modify critical network parameters including routing configurations, access control lists, and interface settings.
Operational impact of this vulnerability extends beyond simple configuration changes as it can lead to significant network disruption and security compromise. An attacker who can send malicious gNMI Set requests could potentially redirect network traffic, disable critical services, or establish persistent backdoors within the network infrastructure. The vulnerability aligns with CWE-285 which addresses improper authorization in security systems, and specifically relates to the ATT&CK technique T1059.007 for Command and Scripting Interpreter and T1566 for Phishing. Network administrators may not immediately detect unauthorized configuration changes since the system processes requests as if they were legitimate, creating a stealthy attack vector that can persist undetected for extended periods.
Mitigation strategies should focus on implementing robust authentication mechanisms for all gNMI operations including mandatory certificate-based authentication and proper authorization enforcement. Network administrators should disable gNMI services when not actively required and ensure that all gNMI clients are properly authenticated before any configuration changes are accepted. The system should enforce strict access controls that validate both client identity and privilege levels before processing any gNMI Set requests. Additionally, comprehensive logging and monitoring should be implemented to detect unauthorized configuration changes and provide audit trails for security incident response. Regular security assessments should verify that gNMI implementations properly enforce access controls and that configuration changes are only applied after successful authentication and authorization validation.