VIR Vulnerability Intelligence Relay

CVE-2015-8236

critical
Published 2015-11-19 · Modified 2026-05-06
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.arista.com/support/advisories-notices/security-advisories/1221-security-advisory-15

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.