CVE-2026-2379
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | EOS | 4.34.0 <= 4.34.3M | affected |
| Arista Networks | EOS | 4.33.0M <= 4.33.5M | affected |
| Arista Networks | EOS | 4.32.0M <= 4.32.7M | affected |
| Arista Networks | EOS | 4.31.0M <= 4.31.9M | affected |
| Arista Networks | EOS | 4.30.0F < 4.31.0 | affected |
| Arista Networks | EOS | 4.29.0F < 4.30.0 | affected |
| Arista Networks | EOS | 4.28.0F < 4.29.0 | affected |
| Arista Networks | EOS | 4.27.1F < 4.28.0 | affected |
Weaknesses
- CWE-672: CWE-672: Operation on a Resource after Expiration or Release
Workarounds
There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.