Medium severity 5.9 · NVD Advisory · Published Jun 5, 2026 · Updated Jun 5, 2026

CVE-2026-2379

Description

Arista EOS IPsec tunnels can become unstable due to sequence number mismatches after re-establishment, potentially leading to communication issues.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

On affected Arista EOS platforms with hardware IPsec support and certain IPsec features enabled, physical interface flaps or agent restarts can trigger IPsec tunnel re-establishment. This process may lead to sequence number mismatches between tunnel endpoints, causing unstable communication. Affected EOS versions include 4.34.3M and below in the 4.34.x train, 4.33.5M and below in the 4.33.x train, 4.32.7M and below in the 4.32.x train, and 4.31.9M and below in the 4.31.x train [1].
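To triage a device inventory against the version ranges listed above, the following added example (not Arista's or this site's code) classifies EOS version strings by train. It checks the version only, not whether hardware IPsec or the relevant IPsec features are in use. The status names, the "hostname version" inventory format, and the decision to flag sub-releases of a boundary version (such as 4.33.5.1M) for manual review are assumptions.

```python
import re

# Highest affected release in each train, taken from the version list above.
AFFECTED_MAX = {(4, 34): 3, (4, 33): 5, (4, 32): 7, (4, 31): 9}

# EOS release strings look like 4.34.3M, 4.33.2F or 4.33.5.1M.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:\.\d+)*)")


def classify(version):
    """Return a triage status for one EOS version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    train = (int(m.group(1)), int(m.group(2)))
    release, sub = int(m.group(3)), m.group(4)
    if train not in AFFECTED_MAX:
        return "train-not-listed"  # the page says nothing about this train
    limit = AFFECTED_MAX[train]
    if release < limit or (release == limit and not sub):
        return "affected"
    if release == limit:
        return "verify"  # sub-release of the boundary version; check the advisory
    return "above-listed-range"


def triage(inventory):
    """Group 'hostname version' lines by triage status."""
    groups = {}
    for line in inventory.strip().splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip malformed lines
        groups.setdefault(classify(parts[1]), []).append(parts[0])
    return groups


# Constructed inventory: hostnames and versions are made up for illustration.
SAMPLE = """
edge-1 4.34.3M
edge-2 4.34.4M
core-1 4.33.5.1M
core-2 4.32.2F
lab-1  4.30.8M
lab-2  unknown
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `train-not-listed`, `verify` or `unparsed` still need to be checked against the vendor advisory, since the page gives no statement for them.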

Exploitation

An attacker would need to trigger conditions that cause IPsec tunnel re-establishment, such as physical interface flaps or agent restarts, on affected Arista EOS devices. This vulnerability does not appear to require direct network access or authentication, but rather relies on internal system events to trigger the sequence number mismatch during tunnel re-establishment [1].

Impact

Successful exploitation of this vulnerability can lead to unstable communication over IPsec tunnels due to sequence number mismatches. This could result in intermittent connectivity loss or data corruption for traffic traversing the affected tunnels, impacting the availability and integrity of network communications [1].

Mitigation

Arista has released updated versions of EOS to address this vulnerability. Specific fixed versions are not detailed in the provided references, but users are advised to upgrade to a non-vulnerable version. Arista is not aware of any malicious uses of this issue in customer networks [1].

AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
