Skip to main content

Arista EOS CVE-2026-2379

| EUVDEUVD-2026-34875 HIGH
Operation on a Resource after Expiration or Release (CWE-672)
2026-06-05 Arista GHSA-qm38-553v-42w8
8.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jun 05, 2026 - 20:02 EUVD
Analysis Generated
Jun 05, 2026 - 18:40 vuln.today
Severity Changed
Jun 05, 2026 - 18:22 NVD
MEDIUM HIGH
CVSS changed
Jun 05, 2026 - 18:22 NVD
5.9 (MEDIUM) 8.2 (HIGH)

DescriptionCVE.org

On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.

AnalysisAI

Information disclosure in Arista EOS on platforms with hardware IPsec support can occur when physical interface flaps or specific agent restarts cause IPsec tunnels to re-establish while reusing existing Security Associations, leading to sequence number mismatches between endpoints. The CVSS 4.0 base score of 8.2 reflects high confidentiality impact reachable over the network, though attack requirements (AT:P) indicate specific preconditions must be met. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Technical ContextAI

Arista EOS is the network operating system running on Arista's switching and routing platforms; the affected subsystem handles IPsec tunnel establishment using hardware-accelerated cryptographic offload. CWE-672 (Operation on a Resource after Expiration or Release) describes the root cause: when an interface flap or agent restart triggers tunnel re-establishment, EOS continues to operate against Security Associations (SAs) that should have been torn down or re-keyed, producing desynchronized sequence numbers between peers. IPsec sequence numbers are integral to anti-replay protection and packet ordering, so a mismatch between tunnel endpoints can break the cryptographic state machine that protects traffic in flight.

RemediationAI

Patch status is not independently confirmed from the available data - consult the Arista Security Advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134 for fixed EOS release trains and apply the vendor-recommended upgrade for your platform. As a compensating control where upgrading is not immediately feasible, operators can avoid triggering the condition by minimizing physical interface flaps on IPsec-bearing interfaces (stabilize cabling, suppress unnecessary admin shut/no-shut cycles) and scheduling maintenance to avoid the specific agent restarts called out by the advisory; in higher-risk environments, consider proactively tearing down and rekeying affected tunnels after any flap event to force fresh SAs, accepting the trade-off of brief traffic interruption during rekey.

More in Eos

View all
CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2026-7473 MEDIUM POC
6.9 Jun 05

Tunnel decapsulation logic in Arista EOS fails to verify the encapsulation protocol type, allowing any tunneled packet d

CVE-2015-5165 CRITICAL
9.3 Aug 12

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows

CVE-2023-24509 HIGH POC
7.8 Apr 13

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundan

CVE-2015-3209 HIGH
7.5 Jun 15

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending

CVE-2015-8236 CRITICAL
10.0 Nov 19

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.

CVE-2023-3646 HIGH POC
7.5 Aug 29

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error ma

CVE-2023-24511 HIGH POC
7.5 Apr 12

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the

CVE-2022-26300 HIGH POC
7.5 Mar 17

EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Rated high severity (C

CVE-2020-15897 HIGH POC
7.5 Oct 26

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attack

CVE-2019-17596 HIGH POC
7.5 Oct 24

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA

Share

CVE-2026-2379 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy