Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps...

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.

Basic Information

ID CVE-2026-2379

Source Arista

Published Jun 5, 2026 at 17:59

Affected Product

Vendor Arista Networks

Product EOS

Version 4.34.0

Affected Versions Arista Networks EOS 4.34.0
Arista Networks EOS 4.33.0M
Arista Networks EOS 4.32.0M
Arista Networks EOS 4.31.0M
Arista Networks EOS 4.30.0F
Arista Networks EOS 4.29.0F
Arista Networks EOS 4.28.0F
Arista Networks EOS 4.27.1F

CWE Classification

CWE-672

References

www.arista.com /en/support/advisories-notices/security-advisory/23419-security-advisory-0134

{
    "lastseen": "",
    "description": "On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.",
    "published": "2026-06-05T17:59:40.999Z",
    "modified": "2026-06-05T17:59:40.999Z",
    "type": "cve",
    "title": "Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134",
    "id": "CVE-2026-2379",
    "bulletinFamily": "",
    "cwe": [
        "CWE-672"
    ],
    "cvelist": null,
    "sourceData": "Arista Networks EOS 4.34.0\nArista Networks EOS 4.33.0M\nArista Networks EOS 4.32.0M\nArista Networks EOS 4.31.0M\nArista Networks EOS 4.30.0F\nArista Networks EOS 4.29.0F\nArista Networks EOS 4.28.0F\nArista Networks EOS 4.27.1F",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EOS",
    "version": "4.34.0",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled_CVE-2026-2379