Security Advisories

 

Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.

The PSIRT team monitors industry-wide vulnerability reporting and provides a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.

Report security vulnerabilities found in Arista products to the PSIRT team via psirt@arista.com. It is recommended to use Arista's PGP key for secure communication.

For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at support@arista.com.

 

PSIRT Advisories

The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.

Security Advisory 0008

January 9th 2015

Arista 7000 Series Products and Arista EOS are not vulnerable to NTP CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.

Security Advisory 0007

October 20th 2014

SSLv3 is vulnerable to potential man-in-the-middle attacks (CVE-2014-3566)

Security Advisory 0006

September 29th 2014

Shell command Bash code injection vulnerability (CVE-2014-6271, CVE-2014-6278, and CVE-2014-7169)

Security Advisory 0005

June 9th 2014

OpenSSL clients running on Arista EOS vulnerable to SSL/TLS MITM vulnerability (CVE-2014-0224)

Security Advisory 0004

April 9th 2014

Arista 7000 Series Products and Arista EOS Not Vulnerable to OpenSSL CVE-2014-0160

Security Advisory 0003

February 14, 2014

Affected Software Version: EOS-4.13.0F through EOS-4.13.1F.

Security Advisory 0002

September 12, 2012

Null pointer dereference in nf_conntrack_ipv6. Affected software releases include EOS-4.8.0 through EOS-4.8.7, EOS-4.9.0 through EOS-4.9.5, EOS-4.10, and EOS-4.10.1.

Security Advisory 0001

June 17, 2008

SNMP v3 authentication may be bypassed on Arista Networks switches running EOS 2.0.2 or earlier. The recommendation is to upgrade to EOS 2.0.3 or later.