Description
On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
Published: 2026-06-05
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker, by causing physical interface flaps or agent restarts, to trigger the re-establishment of IPsec tunnels that reuse existing security associations and produce sequence number mismatches between tunnel endpoints. This mismatch can lead to unstable or disrupted communication across the affected network links, potentially resulting in a denial of service for hosts that rely on those tunnels.

Affected Systems

Arista Networks EOS operating systems. Affected versions include all releases in the 4.35.x train from 4.35.0F onward, the 4.34.x train from 4.34.4M onward, the 4.33.x train from 4.33.6M onward, the 4.32.x train from 4.32.8M onward, and the 4.31.x train from 4.31.10M onward.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity vulnerability. Although no EPSS score is published and the vulnerability is not listed in the CISA KEV catalog, the instability it causes can be critical in production environments. The likely attack vector is local: an attacker who can trigger interface flaps or perform agent restarts on the device can exploit the issue, so mitigating this flaw requires restricting that capability or applying the vendor’s patch.

Generated by OpenCVE AI on June 5, 2026 at 19:36 UTC.

Remediation

Vendor Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2026-2379 has been fixed in the following releases: * 4.35.0F and later releases in the 4.35.x train * 4.34.4M and later releases in the 4.34.x train * 4.33.6M and later releases in the 4.33.x train * 4.32.8M and later releases in the 4.32.x train * 4.31.10M and later releases in the 4.31.x train

Vendor Workaround

There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.

OpenCVE Recommended Actions

  • Upgrade the EOS software to at least 4.35.0F or a later remediated release in your current train.
  • Follow the Arista EOS upgrade procedure outlined in the EOS User Manual: Upgrades and Downgrades.
  • Verify that all IPsec tunnels are using the latest firmware and that anti‑replay protection remains enabled if possible.

Generated by OpenCVE AI on June 5, 2026 at 19:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.
Title Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled
Weaknesses CWE-672
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2026-06-05T17:59:40.999Z

Reserved: 2026-02-11T21:25:16.721Z

Link: CVE-2026-2379

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-05T18:17:05.750

Modified: 2026-06-05T19:03:48.933

Link: CVE-2026-2379

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T19:45:03Z

Weaknesses