CVE-2024-27891
5.3 MEDIUMOn affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enfor...
Published: 2026-06-04 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-284
Description
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48610 — Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability fou... (8.1 HIGH)
- CVE-2026-47366 — Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenti... (7.2 HIGH)
- CVE-2026-44249 — Netty is a network application framework for development of protocol servers and clients (8.1 HIGH)
- CVE-2026-45178 — Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints
- CVE-2026-45177 — Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components