{
  "document": {
    "category": "security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "publisher": {
      "category": "vendor",
      "contact_details": "support@arista.com",
      "name": "Arista PSIRT",
      "namespace": "https://www.arista.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Security advisory 120 canonical URL",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120"
      }
    ],
    "title": "Security Advisory 120",
    "tracking": {
      "current_release_date": "2025-05-28T16:44:51Z",
      "generator": {
        "engine": {
          "name": "Arista Networks SecEng Service CSAF Generator"
        }
      },
      "id": "Arista Networks Security Advisory 120",
      "initial_release_date": "2025-05-28T16:44:51Z",
      "revision_history": [
        {
          "date": "2025-05-28T16:44:51Z",
          "number": "1",
          "summary": "Document created"
        }
      ],
      "status": "draft",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "DCS-7060X6 hardware platform series",
                "product": {
                  "name": "DCS-7060X6 hardware platform series",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware Platform Series"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "EOS version 4.34.0",
                    "product": {
                      "name": "EOS version 4.34.0",
                      "product_id": "CSAFPID-2"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.33.2",
                    "product": {
                      "name": "EOS version 4.33.2",
                      "product_id": "CSAFPID-1"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "EOS version 4.33.3",
                    "product": {
                      "name": "EOS version 4.33.3",
                      "product_id": "CSAFPID-0"
                    }
                  }
                ],
                "category": "product_name",
                "name": "EOS"
              }
            ],
            "category": "product_family",
            "name": "Software Products"
          }
        ],
        "category": "vendor",
        "name": "Arista Networks, Inc."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "EOS version 4.33.2 installed on DCS-7060X6",
          "product_id": "CSAFPID-4"
        },
        "product_reference": "CSAFPID-1",
        "relates_to_product_reference": "CSAFPID-3"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "EOS version 4.34.0 installed on DCS-7060X6",
          "product_id": "CSAFPID-6"
        },
        "product_reference": "CSAFPID-2",
        "relates_to_product_reference": "CSAFPID-3"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "EOS version 4.33.3 installed on DCS-7060X6",
          "product_id": "CSAFPID-5"
        },
        "product_reference": "CSAFPID-0",
        "relates_to_product_reference": "CSAFPID-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-2826",
      "id": {
        "system_name": "Arista Bug ID",
        "text": "795398"
      },
      "notes": [
        {
          "category": "description",
          "text": "On affected platforms running Arista EOS, ACL policies may not be enforced. An IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more Ethernet or LAG interfaces may result in the ACL policy not being enforced for ingress packets on those interfaces. This can cause incoming packets to incorrectly be allowed or denied, i.e. the ACL may silently fail open or fail closed. The two symptoms of this issue on the affected release and platform are:\n\n- Packets which should be permitted may be dropped, and\n- Packets which should be dropped may be permitted.",
          "title": "CVE Description"
        },
        {
          "category": "other",
          "text": "In order to be vulnerable to CVE-2025-2826, the following condition must be met: an IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL must be configured and active on one or more Ethernet interfaces or LAG interfaces. On an exposed device, the output of the CLI show commands will look similar to the following, with an Ethernet or LAG interface listed as active on ingress:\n\nswitch> show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n        Total rules configured: 27\n        Configured on Ingress: control-plane(default VRF)\n        Active on     Ingress: control-plane(default VRF)\n \nIPV4 ACL ipv4ACL\n        Total rules configured: 2\n        Configured on Ingress: Et18/1\n        Active on     Ingress: Et18/1\n \nor\n\nswitch>show mac access-lists summary\nMAC ACL macAcl\n        Total rules configured: 2\n        Configured on Ingress: Et18/1\n        Active on     Ingress: Et18/1\n \nor\n\nswitch>show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n        Total rules configured: 27\n        Configured on Ingress: control-plane(default VRF)\n        Active on     Ingress: control-plane(default VRF)\n \nStandard IPV6 ACL ipv6StandardACL\n        Total rules configured: 2\n        Configured on Ingress: Et21/1\n        Active on     Ingress: Et21/1\n \nIf no IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL is configured and active on any Ethernet or LAG interface, there is no exposure to this issue. In that case the CLI show command output lists no such interfaces; only the read-only control-plane ACL appears, which by itself does not indicate exposure. The output will be similar to the following:\n\nswitch> show ip access-lists summary\nPhone ACL bypass: disabled\nIPV4 ACL default-control-plane-acl [readonly]\n        Total rules configured: 27\n        Configured on Ingress: control-plane(default VRF)\n        Active on     Ingress: control-plane(default VRF)\n \nor\n\nswitch>show mac access-lists summary\n \nor\n\nswitch>show ipv6 access-lists summary\nPhone ACL bypass: disabled\nIPV6 ACL default-control-plane-acl [readonly]\n        Total rules configured: 27\n        Configured on Ingress: control-plane(default VRF)\n        Active on     Ingress: control-plane(default VRF)",
          "title": "795398: Required Config for Exploitation"
        }
      ],
      "product_status": {
        "first_affected": [
          "CSAFPID-1"
        ],
        "fixed": [
          "CSAFPID-0",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "MITRE",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.33.3",
          "product_ids": [
            "CSAFPID-0"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Fixed in EOS version 4.34.0",
          "product_ids": [
            "CSAFPID-2"
          ]
        },
        {
          "category": "none_available",
          "details": "Not fixed in EOS version 4.33.2",
          "product_ids": [
            "CSAFPID-1"
          ]
        },
        {
          "category": "mitigation",
          "details": "No complete workaround is available; upgrading to a fixed EOS release is the recommended remediation. As a partial mitigation, the ingress ACL policy may be applied as an egress ACL instead, but only if hardware resources permit and the policy is still meaningful when enforced in the egress direction."
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-6",
            "CSAFPID-3",
            "CSAFPID-0",
            "CSAFPID-5",
            "CSAFPID-2",
            "CSAFPID-4"
          ]
        }
      ],
      "title": "CVE-2025-2826"
    }
  ]
}