Arista Security Advisories

Subscribe to Arista Security Advisories hírcsatorna
Arista Networks :: Security Advisories
Frissítve: 25 perc 10 másodperc
2021. január 19.

Security Advisory 0061

Date: January 19th, 2021 Version: 1.0 Revision Date Changes 1.0 January 19th, 2021 Initial Release     The CVE-IDs tracking this issue are: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686 CVSSv3.1 scores and vectors are as follows: CVE-2020-25684: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2020-25685: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2020-25686: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N Description This advisory documents ...
2020. december 22.

Security Advisory 0060

Date: December 21, 2020 Arista Statement Regarding Use of SolarWinds Orion Arista Networks is providing this security update in response to the cyberattack on the SolarWinds Orion Platform (versions 2019.4 through 2020.2.1 HF10) released between March and June 2020 (Compromised Software). Arista has not implemented SolarWinds Orion in our development or production environments since 2018. Consequently, Arista has never deployed the Compromised Software in these environments. From 2018 unti ...
2020. december 17.

Security Advisory 0059

Date:December 16th, 2020 Version: 1.0 Revision Date Changes 1.0 December 16th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-24360 CVSSv3.1 Base Score: 7.4/10 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s EOS affecting the 7800R3, 7500R3 series and the 7280R3 series of products. Affected software releases are listed below. An issue with ARP packets may result in issues that ...
2020. december 17.

Security Advisory 0058

Date:December 16th, 2020 Version: 1.0 Revision Date Changes 1.0 December 16th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-3702 CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Description This advisory documents the impact of a vulnerability in the 2.4GHz radios of Arista Wireless Access Points (APs). Not all systems are impacted, please refer to the “Affected Platforms”, and “Symptoms” sections below for specific re ...
2020. december 17.

Security Advisory 0057

Date:December 16th, 2020 Version: 1.0 Revision Date Changes 1.0 December 16th, 2020 Initial Release     The CVE-ID tracking this issue: CVE-2020-26569 CVSSv3.1 Base Score: 5.9/10 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s EOS involving crossing VLAN boundaries in X-series platforms identified under “Symptoms”, and “Affected Platforms” below. In EVPN VxLAN setups, the effect of this v ...
2020. december 17.

Security Advisory 0056

Date:December 16th, 2020 Version: 1.0 Revision Date Changes 1.0 December 16th, 2020 Initial Release     The CVE-ID tracking this issue: CVE-2020-15898 CVSSv3 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Description This advisory documents the impact of a vulnerability in Arista’s EOS involving crossing VLAN boundaries in X-Series and 7170 Series platforms identified below. To evaluate if a system is vulnerable please see the “Symptoms” section bel ...
2020. december 17.

Security Advisory 0055

Date:December 16th, 2020 Version: 1.0 Revision Date Changes 1.0 December 16th, 2020 Initial Release     The CVE-ID tracking this issue: CVE-2020-15897 CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Description This advisory documents the impact of a vulnerability in Arista’s EOS for device configurations leveraging VxLAN Routing and VRFs. To evaluate if a VxLAN enabled device is vulnerable, please see the “Symptoms” section below for details ...
2020. október 7.

Security Advisory 0054

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-15897 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s EOS, specifically the routing process when malformed packets are received by IS-IS. Systems that do not have IS-IS configured are not impacted by this vulnerability. Th ...
2020. október 7.

Security Advisory 0053

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-17355 CVSSv3 Base Score: 7.5/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents a security vulnerability in Arista EOS, for customers who leverage DHCPv6 with a specific relay option configured. The vulnerability is found in EOS where a malformed DHCP packet can lead to an incorrect route ...
2020. október 7.

Security Advisory 0052

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-13100 CVSSv3 Base Score: 7.5/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s CloudVision eXchange (CVX) server which impacts the ControllerOob agent. The effect of the vulnerability is that if the CVX server receives a malformed control-plane p ...