Security Advisories

 

Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.

The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.

Report security vulnerabilities found in Arista products to the PSIRT team via psirt@arista.com. It is recommended to use Arista's PGP key for secure communication.

For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at support@arista.com.

 

PSIRT Advisories

The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.

Security Advisory 0018

March 7th, 2016

Arista Products vulnerability report for security vulnerabilities released by OpenSSL on March 1st, 2016

Security Advisory 0017

February 25th, 2016

Arista Products vulnerability report for security vulnerabilities released for glibc getaddrinfo()

Security Advisory 0015

November 18th, 2015

Arista EOS Remote Privilege Escalation Vulnerability - CVE-2015-8236

Security Advisory 0016

November 5th, 2015

Arista Products vulnerability report for security vulnerabilities released for NTP in October, 2015

Security Advisory 0014

September 23rd, 2015

Arista Products vulnerability report for security updates released for QEMU on August 23rd, 2015

Security Advisory 0013

September 4th, 2015

Arista Products vulnerability report for security updates released for QEMU on August 23rd, 2015

Security Advisory 0012

August 20th, 2015

Arista 7000 Series Products and Arista EOS are vulnerable to CVE-2015-5600.

Security Advisory 0011

June 17th, 2015

Arista Products Vulnerability report for OpenSSL security updates released on June 11th, 2015.

Security Advisory 0010

May 14th, 2015

Arista 7000 Series Products and Arista EOS are vulnerable to CVE-2015-3456 (VENOM).

Security Advisory 0009

January 28th 2015

Arista 7000 Series Products and Arista EOS are not remotely exploitable by CVE-2015- 0235