Security Advisories
Arista Networks is committed to maintaining the highest standards of security across our product portfolio. Leveraging extensive testing and monitoring of vulnerabilities to isolate and neutralize threats early, Arista's Product Security Incident Response Team (PSIRT) provides global coverage for public reporting of possible security vulnerabilities across the product portfolio.
The PSIRT team monitors industry-wide vulnerability reporting as well as providing a single point of contact for customers and interested third parties to investigate and identify potential threats. The PSIRT team also works to communicate these issues back to the user community in a timely manner.
Arista's approach to vulnerability management and links to best practice guidelines can be found here.
For technical assistance with workarounds and hotfix installations recommended in security advisories, please contact the Arista Support team at 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。.
Report security vulnerabilities found in Arista products to the PSIRT team via 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。. It is recommended to use Arista's PGP key for secure and private communication directly with the PSIRT team.
Arista PSIRT is happy to work with researchers on discovered vulnerabilities in Arista products, the assignment of CVEs, and timelines for responsible disclosure. If a researcher discovers a new vulnerability they will be acknowledged in the advisory related to the vulnerability. Arista PSIRT is interested in receiving reports on issues affecting features in both Arista code as well as Open Source Software used in Arista products. Security issues found in Open Source Software which do not affect Arista products are out of the scope of Arista and should be referred to the appropriate CNA found here.
PSIRT Advisories
The following advisories and referenced materials are provided on an "as is" basis for use at your own risk. Arista Networks reserves the right to change or update the advisories without notice at any time.
Security Advisory 0037
August 14th, 2018
The CVE-ID tracking this issue is CVE-2018-5391
Security Advisory 0036
August 6th, 2018
Vulnerability assessment of CVE-2018-5390 for Arista Products
Security Advisory 0035
July 3, 2018
Arista CloudVision Portal Incorrect Permissions Vulnerability - CVE-2018-12357
Security Advisory 0034
May 2nd, 2018
Arista Products vulnerability report for CVE-2017-18017
Security Advisory 0033
April 5th, 2018
Arista Products vulnerability report for CVE-2018-5254
Security Advisory 0032
March 1st, 2018
Arista Products vulnerability report for CVE-2018-5255
Security Advisory 0031
January 3rd, 2018
Arista Products vulnerability report for CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754
Security Advisory 0030
October 2nd, 2017
Security Advisory CVE-2017-14491 - Linux Remote Code Execution in Dnsmasq
Security Advisory 0029
May 15th, 2017
Arista Products vulnerability report for CVE-2017-8231
Security Advisory 0028
May 15th, 2017
Arista Products vulnerability report for CVE-2016-7117