CVE Vulnerability Details :
CVE-2026-2379
PUBLISHED
Assigner-Arista
Assigner Org ID-c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7
Published At-05 Jun, 2026 | 17:59
Updated At-05 Jun, 2026 | 17:59
CVE Numbering Authority (CNA)
Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled

On affected platforms with hardware IPsec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints, potentially causing unstable communication.

Affected Products
Vendor
Arista Networks, Inc.
Product
EOS
Platforms
  • 7280R3 Series with IPsec (DCS-7280SR3AK, DCS-7280SR3AM, DCS-7280CR3AK, DCS-7280CR3AM, DCS-7280CR3MK, DCS-7280DR3AK, DCS-7280DR3AM, DCS-7289R3AK-SC, DCS-7289R3AM-SC)
  • 7800R3 Series with IPsec (7800R3A-36DM-LC, 7800R3AK-36DM-LC, 7800R3A-36PM-LC, 7800R3AK-36PM-LC, 7800R3A-36DM2-LC, 7800R3AK-36DM2-LC)
  • AWE 7000 Series with IPsec (AWE-7250R-16S-F, AWE-7230R-4TX-4S-F, AWE-7220RP-5TH-2S-F)
  • AWE 5000 Series with IPsec (AWE-5510, AWE-5310)
  • CloudEOS VM
Default Status
unaffected
Versions
Affected
  • From 4.34.0 through 4.34.3M (custom)
  • From 4.33.0M through 4.33.5M (custom)
  • From 4.32.0M through 4.32.7M (custom)
  • From 4.31.0M through 4.31.9M (custom)
  • From 4.30.0F before 4.31.0 (custom)
  • From 4.29.0F before 4.30.0 (custom)
  • From 4.28.0F before 4.29.0 (custom)
  • From 4.27.1F before 4.28.0 (custom)
Problem Types
Type: CWE
CWE ID: CWE-672
Description: CWE-672: Operation on a Resource after Expiration or Release
Metrics
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 8.2
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Impacts
CAPEC ID: CAPEC-60
Description: CAPEC-60 Reusing Session Tokens
Solutions

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades

CVE-2026-2379 has been fixed in the following releases:
  • 4.35.0F and later releases in the 4.35.x train
  • 4.34.4M and later releases in the 4.34.x train
  • 4.33.6M and later releases in the 4.33.x train
  • 4.32.8M and later releases in the 4.32.x train
  • 4.31.10M and later releases in the 4.31.x train

Configurations

In order to be vulnerable to CVE-2026-2379, the IPsec anti-replay detection feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS. The field “Replay window size” in the output of the command “show ip sec connection detail” can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.

switch#show ip sec connection detail
Tunnel0:
  Source address: 2.0.0.1, Destination address: 2.0.0.2
  State: established
  Uptime: 31 minutes, 49 seconds
  VRF: default
  Inbound SPI: 0xcc09b0d4:
    Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0
    Errors:
      Packets outside replay window: 0, Replay: 0, Integrity failed: 0
    Lifetime config:
      Soft byte limit: 3728539143000, Hard byte limit: 6442450944000
      Soft packet limit: 2101671584, Hard packet limit: 4000000000
      Soft time limit: 2657 secs, Hard time limit: 3600 secs
    Lifetime current:
      Current bytes: 461294305
      Current packets: 391481
      SA add time: Mon Jul  8 00:49:52 2024
      SA last use time: Mon Jul  8 01:21:34 2024
  Outbound SPI: 0xc7869a84:
    Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0
    Errors:
      Packets outside replay window: 0, Replay: 0, Integrity failed: 0
    Lifetime config:
      Soft byte limit: 3616989511500, Hard byte limit: 6442450944000
      Soft packet limit: 2653085513, Hard packet limit: 4000000000
      Soft time limit: 2565 secs, Hard time limit: 3600 secs
    Lifetime current:
      Current bytes: 1421924689
      Current packets: 1207796
      SA add time: Mon Jul  8 00:49:52 2024
      SA last use time: Mon Jul  8 01:21:34 2024

In the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled. If anti-replay detection is enabled, then the vulnerability is not present.

The IPsec anti-replay detection feature is disabled with the following configuration:

switch(config)# ip security
switch(config-ipsec)# sa policy sa1
switch(config-ipsec-sa1)# no anti-replay detection
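
An added example, not part of Arista's advisory or tooling: a Python parser for the “show ip sec connection detail” text format shown above that reports tunnels whose inbound SA has a replay window size of 0. It assumes the inbound SA is the one to judge, since the advisory's sample is described as enabled while its outbound SA shows 0; the Tunnel1 entry and the function names are constructed for illustration.

```python
import re

# Constructed sample: Tunnel0 is trimmed from the advisory output,
# Tunnel1 (addresses, SPIs, request ID) is invented to show a flagged case.
SAMPLE = """\
Tunnel0:
  Source address: 2.0.0.1, Destination address: 2.0.0.2
  State: established
  Inbound SPI: 0xcc09b0d4:
    Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0
  Outbound SPI: 0xc7869a84:
    Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0
Tunnel1:
  Source address: 2.0.1.1, Destination address: 2.0.1.2
  State: established
  Inbound SPI: 0x1a2b3c4d:
    Request ID: 313, Mode: tunnel, Replay window size: 0, Seq: 0x0
  Outbound SPI: 0x5e6f7a8b:
    Request ID: 313, Mode: tunnel, Replay window size: 0, Seq: 0x0
"""

TUNNEL_RE = re.compile(r"^(\S+):\s*$")            # unindented "Tunnel0:" header
SPI_RE = re.compile(r"^\s+(Inbound|Outbound) SPI: (0x[0-9a-fA-F]+):")
WINDOW_RE = re.compile(r"Replay window size: (\d+)")

def parse_replay_windows(text):
    """Return {tunnel: {"inbound"/"outbound": (spi, replay_window_size)}}."""
    tunnels, tunnel, current = {}, None, None
    for line in text.splitlines():
        if m := TUNNEL_RE.match(line):
            tunnel, current = m.group(1), None
            tunnels[tunnel] = {}
        elif m := SPI_RE.match(line):
            current = (m.group(1).lower(), m.group(2))
        elif tunnel and current and (m := WINDOW_RE.search(line)):
            # First "Replay window size" after an SPI header belongs to that SA.
            tunnels[tunnel][current[0]] = (current[1], int(m.group(1)))
            current = None
    return tunnels

def tunnels_without_anti_replay(text):
    """Names of tunnels whose inbound SA reports a replay window size of 0."""
    return [name for name, sas in parse_replay_windows(text).items()
            if "inbound" in sas and sas["inbound"][1] == 0]

if __name__ == "__main__":
    for name in tunnels_without_anti_replay(SAMPLE):
        print(f"{name}: inbound replay window is 0, anti-replay detection is disabled")
```

A flagged tunnel meets the configuration precondition only; whether the device is affected still depends on the platform and EOS version lists above.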

Workarounds

There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.

References
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134
Resource: vendor-advisory