Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.
The PSIRT team monitors industry-wide vulnerability reporting and provides a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.
Arista's approach to vulnerability management and links to best practice guidelines can be found here.
Arista PSIRT is happy to work with researchers on discovered vulnerabilities in Arista products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability, they will be acknowledged in the advisory related to the vulnerability. Arista PSIRT is interested in receiving reports on issues affecting features in both Arista code and Open Source Software used in Arista products. Security issues found in Open Source Software which do not affect Arista products are out of the scope of Arista and should be referred to the appropriate CNA found here.
The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.
Security Advisory 0023
August 15th, 2016
Arista Products vulnerability report for security vulnerability CVE-2016-5696 that was released in August, 2016
Security Advisory 0022
June 28th, 2016
Arista Products vulnerability report for potential denial-of-service condition caused by specially crafted IPv6 Neighbor Discovery packets
Security Advisory 0021
June 13th, 2016
Arista Products vulnerability report for security vulnerability announcement from NGINX on May 31st, 2016
Security Advisory 0020
May 6th, 2016
Arista Products vulnerability report for security vulnerabilities announcement from the OpenSSL project on May 3rd, 2016
Security Advisory 0019
May 3rd, 2016
Arista Products vulnerability report for security vulnerabilities announcement from the NTP project on April 26th, 2016
Security Advisory 0018
March 7th, 2016
Arista Products vulnerability report for security vulnerabilities released by OpenSSL on March 1st, 2016
Security Advisory 0017
February 25th, 2016
Arista Products vulnerability report for security vulnerabilities released for glibc getaddrinfo()
Security Advisory 0015
November 18th, 2015
Arista EOS Remote Privilege Escalation Vulnerability - CVE-2015-8236
Security Advisory 0016
November 5th, 2015
Arista Products vulnerability report for security vulnerabilities released for NTP in October, 2015
Security Advisory 0014
September 23rd, 2015
Arista Products vulnerability report for security updates released for QEMU on August 23rd, 2015