Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass

5.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Description

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.

This issue has been reported as being exploited in the wild.

Basic Information

ID CVE-2026-7473

Source Arista

Published Jun 5, 2026 at 16:22

Affected Product

Vendor Arista Networks

Product EOS

Version 4.36.0

Affected Versions Arista Networks EOS 4.36.0
Arista Networks EOS 4.35.0
Arista Networks EOS 4.34.0
Arista Networks EOS 4.33.0
Arista Networks EOS 4.32.0
Arista Networks EOS 4.31.0
Arista Networks EOS *

CWE Classification

CWE-1023

References

www.arista.com /en/support/advisories-notices/security-advisory/22872-security-advisory-0137

{
    "lastseen": "",
    "description": "On affected platforms running Arista EOS where a tunnel decapsulation configuration\u2014such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface\u2014is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.\n\n\n\nThis issue has been reported as being exploited in the wild.",
    "published": "2026-06-05T16:22:47.989Z",
    "modified": "2026-06-05T16:22:47.989Z",
    "type": "cve",
    "title": "Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/22872-security-advisory-0137",
    "id": "CVE-2026-7473",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1023"
    ],
    "cvelist": null,
    "sourceData": "Arista Networks EOS 4.36.0\nArista Networks EOS 4.35.0\nArista Networks EOS 4.34.0\nArista Networks EOS 4.33.0\nArista Networks EOS 4.32.0\nArista Networks EOS 4.31.0\nArista Networks EOS *",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EOS",
    "version": "4.36.0",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass_CVE-2026-7473