Arista Security Advisories

  Date: May 25th, 2022 Revision Date Changes 1.0 May 25th 2022 Initial release Security Advisory 0077 CVE-2021-28508 CVSSv3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) CWE: CWE-255 Credentials Management Errors Tracking bug:  BUG635204 (TerminAttr), BUG664159 (Octa) CVE-2021-28509 CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N) CWE: CWE-255 Credentials Management Errors Tracking bug: BUG643445 (TerminAttr), BUG6 ...

April 26th, 2022   Revision Date Changes 1.0 April 26th, 2022 Initial release   The CVE-ID tracking this issue: CVE-2021-28510CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)Common Weakness Enumeration: CWE-400 (Uncontrolled Resource Consumption)This vulnerability is being tracked by BUG638107 Description For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value ( ...

  Date: April 26th, 2022 Revision Date Changes 1.0 April 26th 2022 Initial release   CVE-2022-0778 CVSSv3.1 Base Score: 7.5( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ) CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') This vulnerability is being tracked by BUG674519(EOS) and BUG680261(MOS)   Description This advisory documents the impact of a publicly disclosed vulnerability in OpenSSL on Arista products. There exists a vulnerability in ...

  Date: April 1st, 2022 Revision Date Changes 1.0 April 1st, 2022 Initial Release The CVE-ID tracking this issue: CVE-2021-28504 CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) Common Weakness Enumeration: CWE-284 Improper Access Control This vulnerability is being tracked by BUG 614735   Description On affected platforms running Arista EOS, deny rules fail to get applied for packets of size higher than the configured maximum transmission unit ...

Date: March 29th, 2022 Version: 1.0 Revision Date Changes 1.0 March 29th, 2022 Initial Release     The CVE-ID tracking this issue: CVE-2021-28504 CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) Common Weakness Enumeration: CWE-284 Improper Access Control This vulnerability is being tracked by BUG 609752 Description On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or ...