Security Advisories
Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.
The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.
Arista's approach to vulnerability management and links to best practice guidelines can be found here.
For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at This email address is being protected from spambots. You need JavaScript enabled to view it..
Report security vulnerabilities found in Arista products to the PSIRT team via This email address is being protected from spambots. You need JavaScript enabled to view it.. It is recommended to use Arista's PGP key for secure and private communication directly with the PSIRT team.
Arista PSIRT is happy to work with researchers on discovered vulnerabilities in Arista products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability they will be acknowledged in the advisory related to the vulnerability. Arista PSIRT is interested in receiving reports on issues affecting features in both Arista code as well as Open Source Software used in Arista products. Security issues found in Open Source Software which do not affect Arista products are out of the scope of Arista and should be referred to the appropriate CNA found here.
PSIRT Advisories
The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.
Security Advisory 0068
August 20th, 2021
The CVE-ID tracking this issue: CVE-2021-28494
CVSSv3.1 Base Score: 9.6( CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)
Security Advisory 0067
August 20th, 2021
The CVE-ID tracking this issue: CVE-2021-28493
CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)
Security Advisory 0066
August 20th, 2021
The CVE-ID tracking this issue: CVE-2021-28495
CVSSv3.1 Base Score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L)
Security Advisory 0065
August 20th, 2021
The CVE-ID tracking this issue: CVE-2021-28497
CVSSv3.1 Base Score: 4.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)
Security Advisory 0064
August 20th, 2021
The CVE-ID tracking this issue: CVE-2021-28498
CVSSv3.1 Base Score: 8.7 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H)
The CVE-ID tracking this issue: CVE-2021-28499
CVSSv3.1 Base Score: 6.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L)
Security Advisory 0063
May 12th, 2021
This advisory documents the Arista's response to the public release of the set of vulnerabilities pertaining to Wi-Fi security known as Fragmentation and Forge.
Security Advisory 0062
March 16th, 2021
This advisory documents the impact of a publicly disclosed vulnerability in the Go programming language (maintained by Google), on Arista products. Affected products include EOS, CloudVision Portal and MOS software.
The CVE-ID tracking this issue: CVE-2020-28362
Security Advisory 0061
January 19th, 2021
The CVE-IDs tracking this issue are: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686
CVSSv3.1 scores and vectors are as follows:
- CVE-2020-25684: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
- CVE-2020-25685: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
- CVE-2020-25686: 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Security Advisory 0059
December 16th, 2020
The CVE-ID tracking this issue is: CVE-2020-24360
CVSSv3.1 Base Score: 7.4/10 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Security Advisory 0058
December 16th, 2020
The CVE-ID tracking this issue is: CVE-2020-3702
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)