Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
AnalysisAI
Information disclosure in Arista EOS on platforms with hardware IPsec support can occur when physical interface flaps or specific agent restarts cause IPsec tunnels to re-establish while reusing existing Security Associations, leading to sequence number mismatches between endpoints. The CVSS 4.0 base score of 8.2 reflects high confidentiality impact reachable over the network, though attack requirements (AT:P) indicate specific preconditions must be met. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Technical ContextAI
Arista EOS is the network operating system running on Arista's switching and routing platforms; the affected subsystem handles IPsec tunnel establishment using hardware-accelerated cryptographic offload. CWE-672 (Operation on a Resource after Expiration or Release) describes the root cause: when an interface flap or agent restart triggers tunnel re-establishment, EOS continues to operate against Security Associations (SAs) that should have been torn down or re-keyed, producing desynchronized sequence numbers between peers. IPsec sequence numbers are integral to anti-replay protection and packet ordering, so a mismatch between tunnel endpoints can break the cryptographic state machine that protects traffic in flight.
RemediationAI
Patch status is not independently confirmed from the available data - consult the Arista Security Advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134 for fixed EOS release trains and apply the vendor-recommended upgrade for your platform. As a compensating control where upgrading is not immediately feasible, operators can avoid triggering the condition by minimizing physical interface flaps on IPsec-bearing interfaces (stabilize cabling, suppress unnecessary admin shut/no-shut cycles) and scheduling maintenance to avoid the specific agent restarts called out by the advisory; in higher-risk environments, consider proactively tearing down and rekeying affected tunnels after any flap event to force fresh SAs, accepting the trade-off of brief traffic interruption during rekey.
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
Tunnel decapsulation logic in Arista EOS fails to verify the encapsulation protocol type, allowing any tunneled packet d
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundan
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending
Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error ma
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. Rated high severity (C
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attack
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34875
GHSA-qm38-553v-42w8