CVE-2026-2379 (GCVE-0-2026-2379)
Vulnerability from cvelistv5
Published: 2026-06-05 17:59
Modified: 2026-06-09 14:36
Severity
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE
- CWE-672 - Operation on a Resource after Expiration or Release
Summary
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
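Impacted products
| Vendor | Product | Version |
|---|---|---|
| Arista Networks | EOS | 4.34.0 ≤ version ≤ 4.34.3M |
| Arista Networks | EOS | 4.33.0M ≤ version ≤ 4.33.5M |
| Arista Networks | EOS | 4.32.0M ≤ version ≤ 4.32.7M |
| Arista Networks | EOS | 4.31.0M ≤ version ≤ 4.31.9M |
| Arista Networks | EOS | 4.30.0F ≤ version < 4.31.0 |
| Arista Networks | EOS | 4.29.0F ≤ version < 4.30.0 |
| Arista Networks | EOS | 4.28.0F ≤ version < 4.29.0 |
| Arista Networks | EOS | 4.27.1F ≤ version < 4.28.0 |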
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:15:34.481934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:36:39.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7280R3 Series with IPsec (DCS-7280SR3AK",
"DCS-7280SR3AM",
"DCS-7280CR3AK",
"DCS-7280CR3AM",
"DCS-7280CR3MK",
"DCS-7280DR3AK",
"DCS-7280DR3AM",
"DCS-7289R3AK-SC",
"DCS-7289R3AM-SC)",
"7800R3 Series with IPsec (7800R3A-36DM-LC",
"7800R3AK-36DM-LC",
"7800R3A-36PM-LC",
"7800R3AK-36PM-LC",
"7800R3A-36DM2-LC",
"7800R3AK-36DM2-LC)",
"AWE 7000 Series with IPsec (AWE-7250R-16S-F",
"AWE-7230R-4TX-4S-F",
"AWE-7220RP-5TH-2S-F)",
"AWE 5000 Series with IPsec (AWE-5510",
"AWE-5310)",
"CloudEOS VM"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.3M",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.5M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.9M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThan": "4.31.0",
"status": "affected",
"version": "4.30.0F",
"versionType": "custom"
},
{
"lessThan": "4.30.0",
"status": "affected",
"version": "4.29.0F",
"versionType": "custom"
},
{
"lessThan": "4.29.0",
"status": "affected",
"version": "4.28.0F",
"versionType": "custom"
},
{
"lessThan": "4.28.0",
"status": "affected",
"version": "4.27.1F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2026-2379, the IPsec\u0026nbsp;\u003cb\u003eanti-replay detection\u003c/b\u003e\u0026nbsp;feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\u003c/p\u003e\u003cp\u003eThe field \u201c\u003cb\u003eReplay window size\u003c/b\u003e\u201d in the output of the command \u201c\u003cb\u003eshow ip sec connection detail\u003c/b\u003e\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\u003c/p\u003e\u003cpre\u003eswitch#show ip sec connection detail\nTunnel0:\n\u0026nbsp;\u0026nbsp;Source address: 2.0.0.1, Destination address: 2.0.0.2\n\u0026nbsp;\u0026nbsp;State: established\n\u0026nbsp;\u0026nbsp;Uptime: 31 minutes, 49 seconds\n\u0026nbsp;\u0026nbsp;VRF: default\n\u0026nbsp;\u0026nbsp;Inbound SPI: 0xcc09b0d4:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Request ID: 312, Mode: tunnel, \u003cb\u003eReplay window size: 16384\u003c/b\u003e, Seq: 0x0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Errors:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime config:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft packet limit: 2101671584, Hard packet limit: 4000000000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft time limit: 2657 secs, Hard time limit: 3600 secs\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime current:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current bytes: 461294305\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current packets: 
391481\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA add time: Mon Jul\u0026nbsp; 8 00:49:52 2024\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA last use time: Mon Jul\u0026nbsp; 8 01:21:34 2024\n\u0026nbsp;\u0026nbsp;Outbound SPI: 0xc7869a84:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Errors:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime config:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft packet limit: 2653085513, Hard packet limit: 4000000000\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Soft time limit: 2565 secs, Hard time limit: 3600 secs\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Lifetime current:\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current bytes: 1421924689\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Current packets: 1207796\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA add time: Mon Jul\u0026nbsp; 8 00:49:52 2024\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;SA last use time: Mon Jul\u0026nbsp; 8 01:21:34 2024\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\u003c/p\u003e\u003cp\u003eIf anti-replay detection is enabled, then the vulnerability is not present. 
The IPsec anti-replay detection feature is disabled with the following configuration:\u003c/p\u003e\u003cpre\u003eswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2026-2379, the IPsec\u00a0anti-replay detection\u00a0feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\n\n\n\nThe field \u201cReplay window size\u201d in the output of the command \u201cshow ip sec connection detail\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\n\n\n\nswitch#show ip sec connection detail\nTunnel0:\n\u00a0\u00a0Source address: 2.0.0.1, Destination address: 2.0.0.2\n\u00a0\u00a0State: established\n\u00a0\u00a0Uptime: 31 minutes, 49 seconds\n\u00a0\u00a0VRF: default\n\u00a0\u00a0Inbound SPI: 0xcc09b0d4:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2101671584, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2657 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 461294305\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 391481\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\u00a0\u00a0Outbound SPI: 0xc7869a84:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 
3616989511500, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2653085513, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2565 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 1421924689\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 1207796\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\n\n\u00a0\n\n\n\nIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\n\n\n\nIf anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:\n\n\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection"
}
],
"datePublic": "2026-02-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.\u003c/p\u003e"
}
],
"value": "On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication."
}
],
"impacts": [
{
"capecId": "CAPEC-60",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-60 Reusing Session Tokens"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-672",
"description": "CWE-672: Operation on a Resource after Expiration or Release",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T17:59:40.999Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2026-2379 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.35.0F and later releases in the 4.35.x train\u003c/li\u003e\u003cli\u003e4.34.4M and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.6M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.10M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\n\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\n\nCVE-2026-2379 has been fixed in the following releases:\n\n * 4.35.0F and later releases in the 4.35.x train\n * 4.34.4M and later releases in the 4.34.x train\n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "0134",
"defect": [
"BUG 1188976"
],
"discovery": "INTERNAL"
},
"title": "Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e"
}
],
"value": "There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2026-2379",
"datePublished": "2026-06-05T17:59:40.999Z",
"dateReserved": "2026-02-11T21:25:16.721Z",
"dateUpdated": "2026-06-09T14:36:39.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}