{"api_version":"1","generated_at":"2026-06-22T22:52:59+00:00","cve":"CVE-2026-2379","urls":{"html":"https://cve.report/CVE-2026-2379","api":"https://cve.report/api/cve/CVE-2026-2379.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-2379","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-2379"},"summary":{"title":"Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled","description":"On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.","state":"PUBLISHED","assigner":"Arista","published_at":"2026-06-05 18:17:05","updated_at":"2026-06-05 19:03:48"},"problem_types":["CWE-672","CWE-672 CWE-672: Operation on a Resource after Expiration or Release"],"metrics":[{"version":"4.0","source":"psirt@arista.com","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.2,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"psirt@arista.com","type":"Secondary","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.9","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134","name":"https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134","refsource":"psirt@arista.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-2379","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2379","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.34.0 4.34.3M custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.33.0M 4.33.5M custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.32.0M 4.32.7M custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.31.0M 4.31.9M custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.30.0F 4.31.0 custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.29.0F 4.30.0 custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.28.0F 4.29.0 custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]},{"source":"CNA","vendor":"Arista Networks","product":"EOS","version":"affected 4.27.1F 4.28.0 custom","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\n\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\n\nCVE-2026-2379 has been fixed in the following releases:\n\n * 4.35.0F and later releases in the 4.35.x train\n * 4.34.4M and later releases in the 4.34.x train\n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train","time":"","lang":"en"}],"workarounds":[{"source":"CNA","title":"","value":"There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"2379","cve":"CVE-2026-2379","epss":"0.000440000","percentile":"0.137860000","score_date":"2026-06-11","updated_at":"2026-06-12 00:07:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["7280R3 Series with IPsec (DCS-7280SR3AK","DCS-7280SR3AM","DCS-7280CR3AK","DCS-7280CR3AM","DCS-7280CR3MK","DCS-7280DR3AK","DCS-7280DR3AM","DCS-7289R3AK-SC","DCS-7289R3AM-SC)","7800R3 Series with IPsec (7800R3A-36DM-LC","7800R3AK-36DM-LC","7800R3A-36PM-LC","7800R3AK-36PM-LC","7800R3A-36DM2-LC","7800R3AK-36DM2-LC)","AWE 7000 Series with IPsec (AWE-7250R-16S-F","AWE-7230R-4TX-4S-F","AWE-7220RP-5TH-2S-F)","AWE 5000 Series with IPsec (AWE-5510","AWE-5310)","CloudEOS VM"],"product":"EOS","vendor":"Arista Networks","versions":[{"lessThanOrEqual":"4.34.3M","status":"affected","version":"4.34.0","versionType":"custom"},{"lessThanOrEqual":"4.33.5M","status":"affected","version":"4.33.0M","versionType":"custom"},{"lessThanOrEqual":"4.32.7M","status":"affected","version":"4.32.0M","versionType":"custom"},{"lessThanOrEqual":"4.31.9M","status":"affected","version":"4.31.0M","versionType":"custom"},{"lessThan":"4.31.0","status":"affected","version":"4.30.0F","versionType":"custom"},{"lessThan":"4.30.0","status":"affected","version":"4.29.0F","versionType":"custom"},{"lessThan":"4.29.0","status":"affected","version":"4.28.0F","versionType":"custom"},{"lessThan":"4.28.0","status":"affected","version":"4.27.1F","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

In order to be vulnerable to CVE-2026-2379, the IPsec anti-replay detection feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.

The field “Replay window size” in the output of the command “show ip sec connection detail” can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.

switch#show ip sec connection detail\nTunnel0:\n  Source address: 2.0.0.1, Destination address: 2.0.0.2\n  State: established\n  Uptime: 31 minutes, 49 seconds\n  VRF: default\n  Inbound SPI: 0xcc09b0d4:\n    Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0\n    Errors:\n      Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n    Lifetime config:\n      Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n      Soft packet limit: 2101671584, Hard packet limit: 4000000000\n      Soft time limit: 2657 secs, Hard time limit: 3600 secs\n    Lifetime current:\n      Current bytes: 461294305\n      Current packets: 391481\n      SA add time: Mon Jul  8 00:49:52 2024\n      SA last use time: Mon Jul  8 01:21:34 2024\n  Outbound SPI: 0xc7869a84:\n    Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n    Errors:\n      Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n    Lifetime config:\n      Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n      Soft packet limit: 2653085513, Hard packet limit: 4000000000\n      Soft time limit: 2565 secs, Hard time limit: 3600 secs\n    Lifetime current:\n      Current bytes: 1421924689\n      Current packets: 1207796\n      SA add time: Mon Jul  8 00:49:52 2024\n      SA last use time: Mon Jul  8 01:21:34 2024\n
 

In the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.

If anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:

switch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection
"}],"value":"In order to be vulnerable to CVE-2026-2379, the IPsec anti-replay detection feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\n\n\n\nThe field “Replay window size” in the output of the command “show ip sec connection detail” can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\n\n\n\nswitch#show ip sec connection detail\nTunnel0:\n  Source address: 2.0.0.1, Destination address: 2.0.0.2\n  State: established\n  Uptime: 31 minutes, 49 seconds\n  VRF: default\n  Inbound SPI: 0xcc09b0d4:\n    Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0\n    Errors:\n      Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n    Lifetime config:\n      Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n      Soft packet limit: 2101671584, Hard packet limit: 4000000000\n      Soft time limit: 2657 secs, Hard time limit: 3600 secs\n    Lifetime current:\n      Current bytes: 461294305\n      Current packets: 391481\n      SA add time: Mon Jul  8 00:49:52 2024\n      SA last use time: Mon Jul  8 01:21:34 2024\n  Outbound SPI: 0xc7869a84:\n    Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n    Errors:\n      Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n    Lifetime config:\n      Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n      Soft packet limit: 2653085513, Hard packet limit: 4000000000\n      Soft time limit: 2565 secs, Hard time limit: 3600 secs\n    Lifetime current:\n      Current bytes: 1421924689\n      Current packets: 1207796\n      SA add time: Mon Jul  8 00:49:52 2024\n      SA last use time: Mon Jul  8 01:21:34 2024\n\n\n \n\n\n\nIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\n\n\n\nIf anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:\n\n\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection"}],"datePublic":"2026-02-17T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.

"}],"value":"On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication."}],"impacts":[{"capecId":"CAPEC-60","descriptions":[{"lang":"en","value":"CAPEC-60 Reusing Session Tokens"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.2,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-672","description":"CWE-672: Operation on a Resource after Expiration or Release","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-05T17:59:40.999Z","orgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","shortName":"Arista"},"references":[{"tags":["vendor-advisory"],"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.

For more information about upgrading see: EOS User Manual: Upgrades and Downgrades

CVE-2026-2379 has been fixed in the following releases:

"}],"value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\n\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\n\nCVE-2026-2379 has been fixed in the following releases:\n\n * 4.35.0F and later releases in the 4.35.x train\n * 4.34.4M and later releases in the 4.34.x train\n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"}],"source":{"advisory":"0134","defect":["BUG 1188976"],"discovery":"INTERNAL"},"title":"Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.

"}],"value":"There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience."}],"x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","assignerShortName":"Arista","cveId":"CVE-2026-2379","datePublished":"2026-06-05T17:59:40.999Z","dateReserved":"2026-02-11T21:25:16.721Z","dateUpdated":"2026-06-05T17:59:40.999Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-05 18:17:05","lastModifiedDate":"2026-06-05 19:03:48","problem_types":["CWE-672","CWE-672 CWE-672: Operation on a Resource after Expiration or Release"],"metrics":{"cvssMetricV40":[{"source":"psirt@arista.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"psirt@arista.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"2379","Ordinal":"1","Title":"Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface F","CVE":"CVE-2026-2379","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"2379","Ordinal":"1","NoteData":"On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.","Type":"Description","Title":"Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface F"}]}}}