a8ÓéÀÖ

April 15, 2025

On affected versions of the a8ÓéÀÖ CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

This vulnerability was discovered internally and a8ÓéÀÖ is not aware of any malicious uses of this issue in customer networks.

April 15, 2025

On a8ÓéÀÖ CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

The issue was discovered internally by a8ÓéÀÖ. a8ÓéÀÖ is not aware of any malicious uses of this issue in customer networks.

April 15, 2025

On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the a8ÓéÀÖ CloudVision Portal products when run on-premise. It does not impact CloudVision as-a-Service.

The issue was discovered internally by a8ÓéÀÖ. a8ÓéÀÖ is not aware of any malicious uses of this issue in customer networks.

April 8, 2025

?

On affected platforms running a8ÓéÀÖ EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

a8ÓéÀÖ is not aware of any malicious uses of this issue in customer networks.

On affected platforms running a8ÓéÀÖ EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.

This vulnerability is being tracked by BUG 992963

For both CVE-2025-1259 and CVE-2025-1260, on affected platforms running a8ÓéÀÖ EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected.
CVE-2025-1259 can result in users retrieving data that should not have been available.
CVE-2025-1260 can result in unexpected configuration/operations being applied to the switch.
These issues were discovered internally, and a8ÓéÀÖ is unaware of any malicious uses of these issues in customer networks. These are similar types of authorization issues and are being released together due to their similarity.

The CVE-IDs tracking this issue: CVE-2025-1259 and CVE-2025-1260

On affected platforms running a8ÓéÀÖ EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

The CVE-ID tracking this issue: CVE-2024-9135

On affected platforms running a8ÓéÀÖ EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart.

The CVE-ID tracking this issue: CVE-2024-8000

On affected platforms running a8ÓéÀÖ EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination.

The CVE-ID tracking this issue: CVE-2024-6437

On affected platforms running a8ÓéÀÖ EOS with SNMP configured, if ¡°snmp-server transmit max-size¡± is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well. This was discovered internally by a8ÓéÀÖ and we are not aware of any malicious uses of this issue in customer networks.

The CVE-ID tracking this issue: CVE-2024-7095