CVE-2026-2379
MEDIUMArista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled
Title source: cnaDescription
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134
Scores
CVSS v3
5.9
EPSS
0.0023
EPSS Percentile
13.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-672
Status
published
Products (8)
Arista Networks/EOS
4.27.1F - 4.28.0
Arista Networks/EOS
4.28.0F - 4.29.0
Arista Networks/EOS
4.29.0F - 4.30.0
Arista Networks/EOS
4.30.0F - 4.31.0
Arista Networks/EOS
4.31.0M - 4.31.9M
Arista Networks/EOS
4.32.0M - 4.32.7M
Arista Networks/EOS
4.33.0M - 4.33.5M
Arista Networks/EOS
4.34.0 - 4.34.3M
Published
Jun 05, 2026
Tracked Since
Jun 06, 2026