Arista Updates
1757Warning Date
Severity Level
Warning Number
Target Sector
17 December, 2020
● Medium
2020-2224
All
Description:
Arista has released security updates to address multiple vulnerabilities in the following products:
- EOS
- Versions
- 4.24.2.4F and below releases in the 4.24.x train.
- 4.23.4M and below releases in the 4.23.x train.
- 4.22.6M and below releases in the 4.22.x train
- 4.21.12M and below releases in the 4.21.x train.
- Platforms
- 7500R3 Series
- 7800R3 Series
- 7280R3 Series
- 7010 series
- 7050X/X2/X3 series
- 7060X/X2/X4 series
- 7170 series
- 720X series
- 7250X series
- 7260X/X3 series
- 7300X/7320X/7300X3 series
- 7368X4 series
- 7280E/R/R2 series
- 7500E/R/R2 series
- CloudEOS Virtual Router, as a VM on-premises or in the public cloud marketplaces
- CloudEOS Container, that runs in Kubernetes on-premises clusters
- Versions
- AP Build
- 8.8.3-12 and below releases in the 8.8.3 train.
- Arista Wireless Access Point
- AV2
- C-75/C75-E
- O-90/O90E
- W-68
Threats:
- Denial of service attack (DoS)
- Incorrect traffic routing which cause packets loss.
Best practice and Recommendations:
The CERT team encourages users to review Arista security advisory and apply the necessary updates:
- https://www.arista.com/en/support/advisories-notices/security-advisories/11999-security-advisory-59
- https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58
- https://www.arista.com/en/support/advisories-notices/security-advisories/11997-security-advisory-57
- https://www.arista.com/en/support/advisories-notices/security-advisories/11996-security-advisory-56
- https://www.arista.com/en/support/advisories-notices/security-advisories/11995-security-advisory-55