Arista Security Advisories

Date: January 11th, 2022 Revision Date Changes 1.0 January 11th, 2022 Initial release   Security Advisory 0071 The CVE-ID tracking this issue: CVE-2021-28500 CVSSv3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) The CVE-ID tracking this issue: CVE-2021-28501 CVSSv3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) The CVE-ID tracking this issue: CVE-2021-28506 CVSSv3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) Th ...

Date: December 15th, 2021 Version: 1.0 Revision Date Changes 1.0 December 15th, 2021 Initial Release   Description Security Advisory 0070 documents the impact and mitigation for all Arista Networks products in response to CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2 utility (versions <=2.14.1). An attacker who can control log messages or log message parameters can execute arbitrary code loaded from malicious LDAP servers when message l ...

Date: December 12th, 2021 Version: 1.0 Revision Date Changes 1.0 December 12th, 2021 Initial Release   Description Arista Networks is providing this security update in response to the CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2 utility ( versions <=2.14.1 ). An attacker who can control log messages or log message parameters can execute arbitrary code loaded from malicious LDAP servers when message lookup substitution is enabled and by ...

Date: December 10, 2021 Category: Software Notification for on-premises Wireless Manager (WM) only: issue with WM upgrades via the WM UI   Affected Products: The issues and resolutions described in this advisory apply only to on-premises deployments of Wireless Manager. The issues have been observed in WM version 10.0 and higher, but they could apply to older versions as well.   Problem Description: Arista has identified that an on-premises Wireless Manager (WM) deployment cannot be up ...

Date: October 19th, 2021 Version: 1.0 Revision Date Changes 1.0 October 19th, 2021 Initial Release   Security Advisory 0069 The CVE-ID tracking this issue: CVE-2021-28496 CVSSv3.1 Base Score: 5.7( CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of an internally found vulnerability in Arista's EOS software. Affected software releases are listed below. The effect of this vulnerability is that, when using shared secret prof ...

Date: October 8, 2021 Category: Software Notification about firmware version 11.0.0-36-vv13 affecting Wi-Fi 6 access point series C-2xx and O-2xx   Affected Products: The issues and resolutions described in this advisory apply only to Wi-Fi 6 APs. C-200 C-200P C-250 C-260 C-230, C-230E O-235, O-235E   Problem Description: Arista had identified that certain Wi-Fi 6 access points (APs) may randomly reboot at customer sites. Disabling Dynamic Channel Selection and not selecting ...