{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2379", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2026-02-11T21:25:16.721Z", "datePublished": "2026-06-05T17:59:40.999Z", "dateUpdated": "2026-06-05T17:59:40.999Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2026-06-05T17:59:40.999Z"}, "title": "Arista EOS IPsec Tunnel Sequence Number Mismatch via Interface Flaps when Anti-Replay is Disabled", "datePublic": "2026-02-17T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-672", "description": "CWE-672: Operation on a Resource after Expiration or Release", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-60", "descriptions": [{"lang": "en", "value": "CAPEC-60 Reusing Session Tokens"}]}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "platforms": ["7280R3 Series with IPsec (DCS-7280SR3AK", "DCS-7280SR3AM", "DCS-7280CR3AK", "DCS-7280CR3AM", "DCS-7280CR3MK", "DCS-7280DR3AK", "DCS-7280DR3AM", "DCS-7289R3AK-SC", "DCS-7289R3AM-SC)", "7800R3 Series with IPsec (7800R3A-36DM-LC", "7800R3AK-36DM-LC", "7800R3A-36PM-LC", "7800R3AK-36PM-LC", "7800R3A-36DM2-LC", "7800R3AK-36DM2-LC)", "AWE 7000 Series with IPsec (AWE-7250R-16S-F", "AWE-7230R-4TX-4S-F", "AWE-7220RP-5TH-2S-F)", "AWE 5000 Series with IPsec (AWE-5510", "AWE-5310)", "CloudEOS VM"], "versions": [{"status": "affected", "version": "4.34.0", "lessThanOrEqual": "4.34.3M", "versionType": "custom"}, {"status": "affected", "version": "4.33.0M", "lessThanOrEqual": "4.33.5M", "versionType": "custom"}, {"status": "affected", "version": "4.32.0M", "lessThanOrEqual": "4.32.7M", "versionType": "custom"}, {"status": "affected", "version": "4.31.0M", "lessThanOrEqual": "4.31.9M", "versionType": "custom"}, {"status": "affected", "version": "4.30.0F", "lessThan": "4.31.0", "versionType": "custom"}, {"status": "affected", "version": "4.29.0F", "lessThan": "4.30.0", "versionType": "custom"}, {"status": "affected", "version": "4.28.0F", "lessThan": "4.29.0", "versionType": "custom"}, {"status": "affected", "version": "4.27.1F", "lessThan": "4.28.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication.</p>"}]}], "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134", "tags": ["vendor-advisory"]}], "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2026-2379, the IPsec\u00a0anti-replay detection\u00a0feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.\n\n\n\nThe field \u201cReplay window size\u201d in the output of the command \u201cshow ip sec connection detail\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.\n\n\n\nswitch#show ip sec connection detail\nTunnel0:\n\u00a0\u00a0Source address: 2.0.0.1, Destination address: 2.0.0.2\n\u00a0\u00a0State: established\n\u00a0\u00a0Uptime: 31 minutes, 49 seconds\n\u00a0\u00a0VRF: default\n\u00a0\u00a0Inbound SPI: 0xcc09b0d4:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 16384, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2101671584, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2657 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 461294305\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 391481\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\u00a0\u00a0Outbound SPI: 0xc7869a84:\n\u00a0\u00a0\u00a0\u00a0Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n\u00a0\u00a0\u00a0\u00a0Errors:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n\u00a0\u00a0\u00a0\u00a0Lifetime config:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft packet limit: 2653085513, Hard packet limit: 4000000000\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Soft time limit: 2565 secs, Hard time limit: 3600 secs\n\u00a0\u00a0\u00a0\u00a0Lifetime current:\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current bytes: 1421924689\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Current packets: 1207796\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA add time: Mon Jul\u00a0 8 00:49:52 2024\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SA last use time: Mon Jul\u00a0 8 01:21:34 2024\n\n\n\u00a0\n\n\n\nIn the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.\n\n\n\nIf anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:\n\n\n\nswitch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>In order to be vulnerable to CVE-2026-2379, the IPsec&nbsp;<b>anti-replay detection</b>&nbsp;feature must be disabled. The IPsec anti-replay detection feature is enabled by default when IPsec is enabled in Arista EOS.</p><p>The field \u201c<b>Replay window size</b>\u201d in the output of the command \u201c<b>show ip sec connection detail</b>\u201d can be used to verify whether anti-replay is enabled or disabled. A non-zero replay window size indicates that anti-replay detection is enabled.</p><pre>switch#show ip sec connection detail\nTunnel0:\n&nbsp;&nbsp;Source address: 2.0.0.1, Destination address: 2.0.0.2\n&nbsp;&nbsp;State: established\n&nbsp;&nbsp;Uptime: 31 minutes, 49 seconds\n&nbsp;&nbsp;VRF: default\n&nbsp;&nbsp;Inbound SPI: 0xcc09b0d4:\n&nbsp;&nbsp;&nbsp;&nbsp;Request ID: 312, Mode: tunnel, <b>Replay window size: 16384</b>, Seq: 0x0\n&nbsp;&nbsp;&nbsp;&nbsp;Errors:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n&nbsp;&nbsp;&nbsp;&nbsp;Lifetime config:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft byte limit: 3728539143000, Hard byte limit: 6442450944000\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft packet limit: 2101671584, Hard packet limit: 4000000000\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft time limit: 2657 secs, Hard time limit: 3600 secs\n&nbsp;&nbsp;&nbsp;&nbsp;Lifetime current:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Current bytes: 461294305\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Current packets: 391481\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SA add time: Mon Jul&nbsp; 8 00:49:52 2024\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SA last use time: Mon Jul&nbsp; 8 01:21:34 2024\n&nbsp;&nbsp;Outbound SPI: 0xc7869a84:\n&nbsp;&nbsp;&nbsp;&nbsp;Request ID: 312, Mode: tunnel, Replay window size: 0, Seq: 0x0\n&nbsp;&nbsp;&nbsp;&nbsp;Errors:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Packets outside replay window: 0, Replay: 0, Integrity failed: 0\n&nbsp;&nbsp;&nbsp;&nbsp;Lifetime config:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft byte limit: 3616989511500, Hard byte limit: 6442450944000\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft packet limit: 2653085513, Hard packet limit: 4000000000\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Soft time limit: 2565 secs, Hard time limit: 3600 secs\n&nbsp;&nbsp;&nbsp;&nbsp;Lifetime current:\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Current bytes: 1421924689\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Current packets: 1207796\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SA add time: Mon Jul&nbsp; 8 00:49:52 2024\n&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;SA last use time: Mon Jul&nbsp; 8 01:21:34 2024\n</pre><div>&nbsp;</div><p>In the example above, the replay window size is non-zero which indicates that anti-replay detection is enabled.</p><p>If anti-replay detection is enabled, then the vulnerability is not present. The IPsec anti-replay detection feature is disabled with the following configuration:</p><pre>switch(config)# ip security\nswitch(config-ipsec)# sa policy sa1\nswitch(config-ipsec-sa1)# no anti-replay detection</pre>"}]}], "workarounds": [{"lang": "en", "value": "There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>There is no known mitigation for CVE-2026-2379. The recommended resolution is to upgrade to a remediated software version at your earliest convenience.</p>"}]}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\n\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\n\nCVE-2026-2379 has been fixed in the following releases:\n\n * 4.35.0F and later releases in the 4.35.x train\n * 4.34.4M and later releases in the 4.34.x train\n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.</p><p>For more information about upgrading see: <a href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\">EOS User Manual: Upgrades and Downgrades</a></p><p>CVE-2026-2379 has been fixed in the following releases:</p><ul><li>4.35.0F and later releases in the 4.35.x train</li><li>4.34.4M and later releases in the 4.34.x train</li><li>4.33.6M and later releases in the 4.33.x train</li><li>4.32.8M and later releases in the 4.32.x train</li><li>4.31.10M and later releases in the 4.31.x train</li></ul>"}]}], "source": {"defect": ["BUG 1188976"], "advisory": "0134", "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}, "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication."}], "id": "CVE-2026-2379", "lastModified": "2026-06-05T19:03:48.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@arista.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2026-06-05T18:17:05.750", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23419-security-advisory-0134"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-672"}], "source": "psirt@arista.com", "type": "Secondary"}]}

{}

{"created": "2026-06-05T19:45:03.194664+00:00", "updated": "2026-06-05T19:45:03.194674+00:00", "vendors": []}