Arista has released security updates to address a vulnerability in the following products:

EOS versions (When Octa is in use on the device) :

• 4.23.11 and below release in the 4.23.x train
• 4.24.9 and below release in the 4.24.x train
• 4.25.7 and below releases in the 4.25.x train
• 4.26.5 and below releases in the 4.26.x train
• 4.27.1 and below releases in the 4.27.x train

TerminAttr versions:

• TerminAttr v1.10.10 and all prior releases
• TerminAttr v1.16.7 and all prior releases in the v1.11.x-v1.16.x trains
• TerminAttr v1.18.1 and all prior releases in the v1.17.x-v1.18.x trains

EOS versions (When Octa is in use on the device) :

• 4.23.11 and below release in the 4.23.x train
• 4.24.9 and below release in the 4.24.x train
• 4.25.7 and below releases in the 4.25.x train
• 4.26.5 and below releases in the 4.26.x train
• 4.27.3 and below releases in the 4.27.x train

TerminAttr versions:

• TerminAttr v1.10.10 and all prior releases
• TerminAttr v1.16.7 and all prior releases in the v1.11.x-v1.16.x trains
• TerminAttr v1.19.1 and all prior releases in the v1.17.x-v1.19.x trains

Arista EOS-based products that support IPsec:

• DCS-7020SRG
• DCS-7280CR3MK

Arista EOS-based products that support MACsec:

• 722XP series
• 7050X3 series
• 7280R/R2/R3 series
• 7388X5 series
• 7500R/R2/R3 series
• 7800R3 series

An attacker could exploit multiple vulnerabilities by exposing sensitive information.

The CERT team encourages users to review Arista security advisory and apply the necessary updates:

• https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077