
[CIVN-2026-0301] Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Systems Affected
Arista EOS-based products:
7020R Series
7280R/R2 Series
7500R/R2 Series
Limited exposure (IP-in-IPv6 and GUEv6) on:
7280R3 Series
7500R3 Series
7800R3 Series
Software Affected
All releases in the 4.36.x train
All releases in the 4.35.x train
All releases in the 4.34.x train
All releases in the 4.33.x train
All releases in the 4.32.x train
All releases in the 4.31.x train
All releases in the 4.30.x train
All releases in trains older than 4.30.x
All releases in trains newer than 4.36.x
Overview
A vulnerability has been reported in Arista Extensible Operating System (EOS), which could be exploited to cause unexpected tunnel protocol decapsulation and forwarding bypass.
Target Audience:
All end-user organizations and individuals using Arista EOS.
Risk Assessment:
Risk of unauthorized traffic injection and loss of integrity of the affected systems.
Impact Assessment:
Potential impact on integrity of the system.
Description
Arista Extensible Operating System (EOS) is a network operating system used on Arista switches and routers, providing advanced networking, automation, and virtualization capabilities for enterprise and data centre environments.
An Incomplete Comparison with Missing Factors vulnerability exists in Arista EOS because affected platforms do not verify the tunnel protocol type during tunnel decapsulation: the decapsulation decision is made on the destination IP alone, so tunnel traffic of a type that was never configured for that IP can still be processed.
Successful exploitation of this vulnerability could allow an unauthorized user to cause a switch with a tunnel decapsulation configuration (such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface) to incorrectly decapsulate and forward unexpected tunnelled packets whose destination IP matches its configured decapsulation IP.
Note: CVE-2026-7473 is being exploited in the wild.
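The following is an added illustration of the flaw class described above (CWE-1023, Incomplete Comparison with Missing Factors), not code from Arista or from this advisory. It models a decapsulation lookup in two forms: the incomplete one, which keys only on the destination IP, and a hardened one, which also requires the outer header to carry the protocol (and, for VXLAN, the UDP port) that was configured for that IP. The packet headers, the decap configuration, and the protocol/port constants are constructed for the example; the function names are assumptions for illustration.

```python
"""Model of CWE-1023 in tunnel decapsulation (added example, not EOS code).

A decapsulation table maps a local IP to a configured tunnel kind. The
vulnerable lookup decapsulates any packet whose outer destination IP is in
the table; the hardened lookup also checks the outer protocol and port.
"""
from dataclasses import dataclass
from typing import List, Optional

# IANA protocol numbers and the VXLAN UDP port (real values).
IPPROTO_IPIP = 4
IPPROTO_UDP = 17
IPPROTO_GRE = 47
VXLAN_PORT = 4789


@dataclass(frozen=True)
class OuterHeader:
    """Fields of an outer IP header relevant to the decap decision."""
    dst_ip: str
    proto: int
    dst_port: Optional[int] = None  # set only for UDP


@dataclass(frozen=True)
class DecapConfig:
    """One configured decapsulation endpoint: local IP plus tunnel kind."""
    dst_ip: str
    kind: str  # "vxlan", "gre" or "ipip"


# Outer protocol/port that each configured tunnel kind is expected to carry.
_EXPECTED = {
    "vxlan": (IPPROTO_UDP, VXLAN_PORT),
    "gre": (IPPROTO_GRE, None),
    "ipip": (IPPROTO_IPIP, None),
}


def decap_decision_vulnerable(hdr: OuterHeader,
                              configs: List[DecapConfig]) -> Optional[str]:
    """Incomplete comparison: only the destination IP is compared, so a GRE
    or IP-in-IP packet sent to a VXLAN decap IP is still decapsulated."""
    for cfg in configs:
        if hdr.dst_ip == cfg.dst_ip:
            return cfg.kind
    return None


def decap_decision_hardened(hdr: OuterHeader,
                            configs: List[DecapConfig]) -> Optional[str]:
    """Complete comparison: destination IP, outer protocol and (for UDP
    tunnels) destination port must all match the configured tunnel kind."""
    for cfg in configs:
        proto, port = _EXPECTED[cfg.kind]
        if (hdr.dst_ip == cfg.dst_ip and hdr.proto == proto
                and (port is None or hdr.dst_port == port)):
            return cfg.kind
    return None


def find_unexpected_decaps(headers: List[OuterHeader],
                           configs: List[DecapConfig]) -> List[OuterHeader]:
    """Headers the vulnerable lookup would decapsulate and forward although
    no tunnel of that protocol is configured for the destination IP."""
    return [h for h in headers
            if decap_decision_vulnerable(h, configs) is not None
            and decap_decision_hardened(h, configs) is None]


# Constructed configuration: VXLAN on 10.0.0.1, GRE on 10.0.0.2.
CONFIGS = [DecapConfig("10.0.0.1", "vxlan"), DecapConfig("10.0.0.2", "gre")]

# Constructed sample traffic seen at the switch.
SAMPLE_HEADERS = [
    OuterHeader("10.0.0.1", IPPROTO_UDP, VXLAN_PORT),  # expected VXLAN
    OuterHeader("10.0.0.1", IPPROTO_GRE),              # GRE to a VXLAN IP
    OuterHeader("10.0.0.1", IPPROTO_UDP, 5000),        # non-VXLAN UDP
    OuterHeader("10.0.0.2", IPPROTO_IPIP),             # IP-in-IP to a GRE IP
    OuterHeader("10.0.0.3", IPPROTO_UDP, VXLAN_PORT),  # not a decap IP
]

if __name__ == "__main__":
    for h in find_unexpected_decaps(SAMPLE_HEADERS, CONFIGS):
        print("would be wrongly decapsulated:", h)
```

Run stand-alone, the script lists the three constructed headers (GRE and plain UDP to the VXLAN endpoint, IP-in-IP to the GRE endpoint) that the incomplete check accepts and the complete check rejects; the expected VXLAN packet and the packet addressed to a non-decap IP are treated the same way by both. Until the vendor fix is applied, the same comparison can be enforced in front of the switch by permitting only the configured tunnel protocol and port towards each decapsulation IP and dropping other traffic to that address.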
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
Vendor Information
Arista
https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
References
Arista
https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137
CVE Name
CVE-2026-7473
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003