Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.
The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.
For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at firstname.lastname@example.org.
The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.
October 2nd, 2017
Security Advisory CVE-2017-14491 - Linux Remote Code Execution in Dnsmasq
May 15th, 2017
Arista Products vulnerability report for CVE-2017-8231
May 15th, 2017
Arista Products vulnerability report for CVE-2016-7117
December 1st, 2016
Arista Products vulnerability report for CVE-2016-9012
October 21st, 2016
Arista Products vulnerability report for CVE-2016-5195
October 17th, 2016
Arista DCS-7050 series products vulnerability report for CVE-2016-6894
October 4th, 2016
Arista Products vulnerability report for security vulnerabilities announcement from the OpenSSL project on September 22nd, 2016
August 15th, 2016
Arista Products vulnerability report for security vulnerability CVE-2016-5696 that was released in August, 2016
June 28th, 2016
Arista Products vulnerability report for potential Denial of service condition caused by specially crafted ipv6 Neighbor Discovery packets.
June 13th, 2016
Arista Products vulnerability report for security vulnerability announcement from NGINX on May 31st, 2016