Arista Security Advisories
Security Advisory 0077
Date: May 25th, 2022
Revision | Date | Changes
1.0 | May 25th 2022 | Initial release
CVE-2021-28508
CVSSv3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
CWE: CWE-255 Credentials Management Errors
Tracking bug: BUG635204 (TerminAttr), BUG664159 (Octa)
CVE-2021-28509
CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N)
CWE: CWE-255 Credentials Management Errors
Tracking bug: BUG643445 (TerminAttr), BUG6 ...
Security Advisory 0076
Date: April 26th, 2022
Revision | Date | Changes
1.0 | April 26th, 2022 | Initial release
The CVE-ID tracking this issue: CVE-2021-28510
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Common Weakness Enumeration: CWE-400 (Uncontrolled Resource Consumption)
This vulnerability is being tracked by BUG638107
Description
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value ( ...
Security Advisory 0075
Date: April 26th, 2022
Revision | Date | Changes
1.0 | April 26th 2022 | Initial release
CVE-2022-0778
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
This vulnerability is being tracked by BUG674519 (EOS) and BUG680261 (MOS)
Description
This advisory documents the impact of a publicly disclosed vulnerability in OpenSSL on Arista products.
There exists a vulnerability in ...
Security Advisory 0074
Date: April 1st, 2022
Revision | Date | Changes
1.0 | April 1st, 2022 | Initial Release
The CVE-ID tracking this issue: CVE-2021-28504
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Common Weakness Enumeration: CWE-284 Improper Access Control
This vulnerability is being tracked by BUG 614735
Description
On affected platforms running Arista EOS, deny rules fail to get applied for packets of size higher than the configured maximum transmission unit ...
Security Advisory 0073
Date: March 29th, 2022
Version: 1.0
Revision | Date | Changes
1.0 | March 29th, 2022 | Initial Release
The CVE-ID tracking this issue: CVE-2021-28504
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Common Weakness Enumeration: CWE-284 Improper Access Control
This vulnerability is being tracked by BUG 609752
Description
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or ...