Arista Security Advisories

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-15897 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s EOS, specifically the routing process when malformed packets are received by IS-IS. Systems that do not have IS-IS configured are not impacted by this vulnerability. Th ...

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-17355 CVSSv3 Base Score: 7.5/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents a security vulnerability in Arista EOS, for customers who leverage DHCPv6 with a specific relay option configured. The vulnerability is found in EOS where a malformed DHCP packet can lead to an incorrect route ...

Date: October 7th, 2020 Version: 1.0 Revision Date Changes 1.0 October 7th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-13100 CVSSv3 Base Score: 7.5/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s CloudVision eXchange (CVX) server which impacts the ControllerOob agent. The effect of the vulnerability is that if the CVX server receives a malformed control-plane p ...

Arista Networks announces the upcoming end of sale for the 7260CX Series 100 Gigabit Ethernet Switches. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is April 2nd, 2021. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones. Migration Options Customers are encouraged to plan a migration ...

Arista Networks announces the upcoming end of sale for the switches in the 7160 Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 28th, 2021. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones. Migration Options Customers are encouraged to plan a migration to newer models ...

Arista Networks announces the upcoming end of sale for the DCS-7050SX-72Q models of the 7050X Series. Other members of the 7050X Series are not affected by this end of sales notice. Arista Networks announces the upcoming end of sale of the 7130E Series 48 and 96. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 28th, 2021. Customers with active support contracts will continue to receive support from Arista T ...

Arista Networks announces the upcoming end of sale of the 7130 Series Protect Firewall 48. Arista Networks announces the upcoming end of sale of the 7130EH Series 32. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 28th, 2021. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones. ...

Arista Networks announces the upcoming end of sale of the 7130 Series Protect Firewall 48. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 28th, 2021. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones. The ongoing product lifecycle of the 7130 Series is not affected and will c ...

Arista Networks announces the upcoming end of sale for the DCS-7050SX-72Q models of the 7050X Series. Other members of the 7050X Series are not affected by this end of sales notice. The product and part number covered by this announcement are listed below in Table 1. The last day to order the affected products is March 28th, 2021. Customers with active support contracts for 7050SX-72Q will continue to receive support from Arista TAC (Technical Assistance Center) as long as the systems remain ...

Date: September 9th, 2020 Version: 1.0 Revision Date Changes 1.0 September 9th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-24333 CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the impact of a vulnerability in Arista’s CloudVision Portal (CVP). The effect of this vulnerability is that users with “read-only” or greater access rights to the Configlet Management module can download fi ...

Date: September 9th, 2020 Version: 1.0 Revision Date Changes 1.0 September 9th, 2020 Initial Release     The CVE-ID tracking this issue is: CVE-2020-13881 CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Description This advisory documents the impact of a vulnerability in an external TACACS+ server library used by Arista’s CloudVision Portal. This vulnerability only impacts systems configured with TACACS+ authentication for the base operating ...

Arista Networks announces the upcoming end of sale for a line card in the 7500R Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is January 28th, 2021. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones. Migration Options Customers are encouraged to plan a migration to the newer ...