Security Advisories

 

Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.

The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.

Arista's approach to vulnerability management and links to best practice guidelines can be found here.

For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at 이 이메일 주소가 스팸봇으로부터 보호됩니다. 확인하려면 자바스크립트 활성화가 필요합니다..

Report security vulnerabilities found in Arista products to the PSIRT team via 이 이메일 주소가 스팸봇으로부터 보호됩니다. 확인하려면 자바스크립트 활성화가 필요합니다.. It is recommended to use Arista's PGP key for secure and private communication directly with the PSIRT team.

Arista PSIRT is happy to work with researchers on discovered vulnerabilities in Arista products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability they will be acknowledged in the advisory related to the vulnerability. Arista PSIRT is interested in receiving reports on issues affecting features in both Arista code as well as Open Source Software used in Arista products. Security issues found in Open Source Software which do not affect Arista products are out of the scope of Arista and should be referred to the appropriate CNA found here.

 

PSIRT Advisories

The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.

Security Advisory 0045

December 4, 2019

CVE-ID tracking this issue is: CVE-2019-18615
CVSSv3 Base Score: 7.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N)

Security Advisory 0044

December 4, 2019

The CVE-ID tracking this issue is: CVE-2019-18181
CVSSv3 Base Score: 5.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)

Security Advisory 0043

November 6th, 2019

The CVE-IDs tracking this issue: CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515

CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Security Advisory 0042

October 9th, 2019

Security Advisory for CVE-2019-14810

Security Advisory 0041

July 2nd, 2019

The CVE-IDs tracking this issue are CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479.

Security Advisory 0040

April 29th, 2019

Kernel crash due certain malformed packets using "IP Options"

Security Advisory 0039

January 16th, 2019

The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875

Security Advisory 0038

September 13th, 2018

The CVE-ID tracking this issue is CVE-2018-14008

Security Advisory 0037

August 14th, 2018

The CVE-ID tracking this issue is CVE-2018-5391

Security Advisory 0036

August 6th, 2018

Vulnerability assessment of CVE-2018-5390 for Arista Products