Security Advisories


Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.

The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.

Arista's approach to vulnerability management and links to best practice guidelines can be found here.

For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at This email address is being protected from spambots. You need JavaScript enabled to view it..

Report security vulnerabilities found in Arista products to the PSIRT team via This email address is being protected from spambots. You need JavaScript enabled to view it.. It is recommended to use Arista's PGP key for secure and private communication directly with the PSIRT team.

Arista PSIRT is happy to work with researchers on discovered vulnerabilities in Arista products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability they will be acknowledged in the advisory related to the vulnerability. Arista PSIRT is interested in receiving reports on issues affecting features in both Arista code as well as Open Source Software used in Arista products. Security issues found in Open Source Software which do not affect Arista products are out of the scope of Arista and should be referred to the appropriate CNA found here.


PSIRT Advisories

The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.

Security Advisory 0101

Arista Networks is providing this security update in response to the following publicly disclosed security vulnerability related to the RADIUS protocol. This vulnerability is a result of a design flaw in the RADIUS protocol. It allows a skilled attacker who can read and modify RADIUS packets in the network to forge responses from the RADIUS server to the client. In this way the attacker can cause any user to be authenticated and can give almost any authorization to any user. RADIUS over TLS (RadSec) resolves this vulnerability.

The CVE-ID tracking this issue: CVE-2024-3596

Security Advisory 0100

Arista Networks is providing this security update in response to the OpenSSH security vulnerability CVE-2024-6387, named regreSSHion.

The vulnerability involves a signal handler race condition that can lead to a potential unauthenticated remote code execution in OpenSSH’s server (sshd) in glibc-based Linux systems that grants full root access. It affects the default configuration and does not require user interaction, posing a significant exploit risk.

Security Advisory 0099

For both CVE-2024-27892 and CVE-2024-27890, affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. These issues are similar types of authorization issues and are being released together due to their similarity.

This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

Security Advisory 0098

This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.

Security Advisory 0097

Arista Networks is providing this security update in response to the following publicly disclosed security vulnerabilities related to protocol level issues with the 802.11 standard.

Security Advisory 0096

CVE-2023-5502: On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication.

Security Advisory 0095

CVE-2024-3094: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Security Advisory 0094

Arista Networks is providing this security update in response to the following publicly disclosed security vulnerabilities related to HTTP/2 CONTINUATION frames. This set of vulnerabilities is the result of some HTTP/2 implementations that do not properly limit or sanitize the amount of CONTINUATION frames sent in a single stream. An attacker that can send packets to a target server can send a stream of CONTINUATION frames, which can result in an out-of-memory crash, enabling an attacker to launch a denial of service (DoS) attack against a target service using a vulnerable implementation.

Security Advisory 0093

Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.

The CVE-ID tracking this issue: CVE-2024-27889

Security Advisory 0092

On affected platforms running CloudVision Portal Virtual Appliances on AWS/GCP, a public key is present in the /root/.ssh/authorized_keys file. This key, however, cannot be used unless the accompanying private key is available. While this key is believed to have been deleted, this advisory is being released out of an abundance of caution.

This vulnerability is being tracked by BUG 880654