March 16th, 2021

This advisory documents the impact of a publicly disclosed vulnerability in the Go programming language (maintained by Google), on Arista products. Affected products include EOS, CloudVision Portal and MOS software.

The CVE-ID tracking this issue: CVE-2020-28362

January 19th, 2021

The CVE-IDs tracking this issue are: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

CVSSv3.1 scores and vectors are as follows:

  • CVE-2020-25684: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
  • CVE-2020-25685: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
  • CVE-2020-25686: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

December 21st, 2020

Arista Networks is not affected by the recent incident involving SolarWinds Orion.

December 16th, 2020

The CVE-ID tracking this issue is: CVE-2020-24360
CVSSv3.1 Base Score: 7.4/10 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

December 16th, 2020

The CVE-ID tracking this issue is: CVE-2020-3702
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

December 16th, 2020

The CVE-ID tracking this issue: CVE-2020-26569
CVSSv3.1 Base Score: 5.9/10 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

December 16th, 2020

The CVE-ID tracking this issue: CVE-2020-15898
CVSSv3 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

December 16th, 2020

The CVE-ID tracking this issue: CVE-2020-26568
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

October 7th, 2020

The CVE-ID tracking this issue is: CVE-2020-15897
CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

October 7th, 2020

The CVE-ID tracking this issue is: CVE-2020-17355
CVSSv3 Base Score: 7.5/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)