Advisories & Notices

Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.

The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.

Report security vulnerabilities found in Arista products to the PSIRT team via psirt@arista.com. It is recommended to use Arista's PGP key for secure communication.

For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at support@arista.com.

 

PSIRT Advisories

The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.

December 1st, 2016

Arista Products vulnerability report for CVE-2016-9012

Readmore »

October 21st, 2016

Arista Products vulnerability report for CVE-2016-5195

Readmore »

October 17th, 2016

Arista DCS-7050 series products vulnerability report for CVE-2016-6894

Readmore »

October 4th, 2016

Arista Products vulnerability report for security vulnerabilities announcement from the OpenSSL project on September 22nd, 2016

Readmore »

August 15th, 2016

Arista Products vulnerability report for security vulnerability CVE-2016-5696 that was released in August, 2016

Readmore »

June 28th, 2016

Arista Products vulnerability report for potential Denial of service condition caused by specially crafted ipv6 Neighbor Discovery packets.

Readmore »

June 13th, 2016

Arista Products vulnerability report for security vulnerability announcement from NGINX on May 31st, 2016

Readmore »

May 6th, 2016

Arista Products vulnerability report for security vulnerabilities announcement from the OpenSSL project on May 3rd, 2016

Readmore »

May 3rd, 2016

Arista Products vulnerability report for security vulnerabilities announcement from the NTP project on April 26th, 2016

Readmore »

March 7th, 2016

Arista Products vulnerability report for security vulnerabilities released by OpenSSL on March 1st, 2016

Readmore »

February 25th, 2016

Arista Products vulnerability report for security vulnerabilities released for glibc getaddrinfo()

Readmore »

November 18th, 2015

Arista EOS Remote Privilege Escalation Vulnerability - CVE-2015-8236

Readmore »

November 5th, 2015

Arista Products vulnerability report for security vulnerabilities released for NTP in October, 2015

Readmore »

September 23rd, 2015

Arista Products vulnerability report for security updates released for QEMU on August 23rd, 2015

Readmore »

September 4th, 2015

Arista Products vulnerability report for security updates released for QEMU on August 23rd, 2015

Readmore »

August 20th, 2015

Arista 7000 Series Products and Arista EOS are vulnerable to CVE-2015-5600.

Readmore »

June 17th, 2015

Arista Products Vulnerability report for OpenSSL security updates released on June 11th, 2015.

Readmore »

May 14th, 2015

Arista 7000 Series Products and Arista EOS are vulnerable to CVE-2015-3456 (VENOM).

Readmore »

January 28th 2015

Arista 7000 Series Products and Arista EOS are not remotely exploitable by CVE-2015- 0235

Readmore »

January 9th 2015

Arista 7000 Series Products and Arista EOS are not vulnerable to NTP CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.

Readmore »

October 20th 2014

SSLv3 is vulnerable to potential man in the middle attacks (CVE-2014-3566)

Readmore »

September 29th 2014

Shell command Bash code injection vulnerability (CVE-2014-6271, CVE-2014-6278, and CVE-2014-7169)

Readmore »

June 9th 2014

Open SSL clients running on Arista EOS vulnerable to SSL/TLS MITM vulnerability (CVE-2014-0224)

Readmore »

April 9th 2014

Arista 7000 Series Products and Arista EOS Not Vulnerable to OpenSSL CVE-2014-0160

Readmore »

February 14, 2014

Affected Software Version: EOS-4.13.0F through EOS-4.13.1F.

Readmore »

September 12, 2012

Null pointer dereference in nf_conntrack_ipv6. Affected software releases include EOS-4.8.0 through EOS-4.8.7, EOS-4.9.0 through EOS-4.9.5, EOS-4.10, EOS-4.10.1

Readmore »

June 17, 2008

SNMP v3 authentication may be bypassed on Arista Networks Switches running EOS 2.0.2 or earlier. Recommendation is to upgrade to EOS 2.0.3 or later.

Readmore »

This page aggregates the Arista hardware end of sale notices. For further information on Arista’s hardware support policies see the End of Life Policy and for software support policies, see the EOS Life Cycle Policy.

Quick Reference Guide (PDF) for Arista’s End of Life Products

September 20, 2016

Arista Networks announces the upcoming end of sale for selected switches in the 7050X Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is February 20th 2017.

Readmore »

June 30, 2016

Arista Networks announces the end of sale for the DCS-7316X switch, fabric modules and associated system bundles. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is December 30, 2016. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 3, the End-of-Life Milestones.

Readmore »

May 9, 2016

Arista Networks announces the imminent end of sale for a number of MTP fiber optic cables. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is June 9th 2016.

Readmore »

February 18, 2016

Arista Networks announces the imminent end of sale for the 7300 Series Fan Assembly modules. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 31st 2016.

Customers with active support contracts for 7300X Series systems with the Fan Assembly modules installed will continue to receive support from Arista TAC (Technical Assistance Center) as long as the 7300X Series systems remain covered under a support contract.

Readmore »

February 9, 2016

Arista Networks announces the upcoming end of sale for selected switches in the 7050 Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is July 2016. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

February 5, 2016

Arista Networks announces the end of sale for its 10G DWDM SFP+ fixed wavelength products. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is August 5th, 2016. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones

Readmore »

January 20, 2016

Arista Networks announces the upcoming end of sale for one of its switches. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is July 20th 2016. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

June 22, 2015

Arista Networks announces the upcoming end of sale for the 40GbE switches in the 7050 Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is December 22nd 2015. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

April 17, 2015

Arista Networks announces the end of sale of its 10G SFP+ and 40G QSFP+ 7 meter copper cables. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is April 17th, 2016. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

October 15, 2014

Arista Networks announces the end of sale for five switches in the 7050 Series. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is April 15, 2015. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

January 30, 2014

Arista Networks announces the end of sale for one of its switches. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is July 30th 2014. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

January 30, 2014

Arista Networks announces the end of sale for one of its switches. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is July 30th 2014. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

September 27, 2013

Arista Networks announces the end of sale and end of life dates for the selected Arista 7500 Series components. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is March 27th 2014. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

June 20, 2013

Arista Networks announces the end of sale for two of its switches. The product part numbers covered by this announcement are listed below in Table 1. The last day to order the affected products is December 20th 2013. Customers with active support contracts will continue to receive support from Arista TAC (Technical Assistance Center) as per the dates listed in Table 2, the End-of-Life Milestones.

Readmore »

August 20, 2012

Arista Networks announces the end of sale of for two of its switches. The product part numbers covered by this announcement are listed below..

Readmore »

June 30, 2012

Arista Networks announces the end of sale for one of its 10G SFP+ Optics. The product part numbers covered by this announcement are listed below..

Readmore »

May 1, 2011

Arista Networks announces the end of sale of for two of its switches. The product part numbers covered by this announcement are listed below..

Readmore »

November 11, 2016

The EOS 4.14 software train will reach end of support on January 11th, 2017. At that time, EOS 4.14 will be considered End of Support with no further official software support on this version from Arista.

Readmore »

June 3, 2016

This software support bulletin is to notify Arista Networks customers that Arista EOS version 4.16 will not support the DCS-7048T-A switches, DCS-7548S-LC line card and DCS-7508-FM and DCS-7504-FM fabric card modules for which end of sales has been announced.

Readmore »

April 1, 2016

The EOS 4.13 software train will reach end of support on July 30th, 2016. At that time, EOS 4.13 will be considered End of Support with no further official software support on this version from Arista.

Readmore »

August 18, 2015

The EOS 4.12 software train will reach the 30 month timeline on November 15th, 2015. At that time, EOS 4.12 will be considered End of Support with no further official software support on this version from Arista.

Readmore »

April 18, 2015

The EOS 4.11 software train will reach the 30 month timeline on June 18, 2015. At that time, EOS 4.11 will be considered End of Support with no further official software support on this version from Arista.

Readmore »

March 25, 2014

This software support bulletin is to notify Arista Networks customers that Arista EOS version 4.15 will not support the DCS-7500-SUP for which end of sales has been announced.

Readmore »

June 25, 2014

This software support bulletin is to notify Arista Networks customers that Arista EOS version 4.14 will not support a number of platforms for which end of sales has been announced. Platforms affected will continue to receive TAC software bug fixes with existing EOS versions through the end of support of the products. .

Readmore »