Actively exploited · CVSS 5.8 · MEDIUM

CVE-2026-7473

Arista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability: the switch incorrectly decapsulates and forwards other unexpected tunneled packets with a destination IP matching its configured decapsulation IP.


Analysis

Arista EOS switches incorrectly decapsulate and forward unexpected tunneled packets, such as VXLAN or GRE, when the packet's destination IP matches the configured decapsulation IP. The flaw allows non-configured tunnel traffic to be processed and can potentially bypass network isolation. This vulnerability is currently being actively exploited in the wild.

Relevant roles

Hardware, CyberSecurity, Cloud, Backend

Severity

Score: 5.8 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: NONE
I: LOW
A: NONE
Weakness type (CWE): CWE-1023

CISA KEV

Added to KEV: 2026-06-09
Federal due date: 2026-06-23
Known ransomware use: Unknown
Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS

Exploitation probability (next 30 days): 0.2722 (27.2%)
Percentile: 96.5%
EPSS: 2026-06-14

Affects

arista:eos, arista:7020sr-24c2, arista:7020sr-32c2, arista:7020srg-24c2, arista:7020tr-48, arista:7020tra-48, arista:7280cr-48, arista:7280cr2-60, arista:7280cr2a-30, arista:7280cr2a-60, arista:7280cr2k-30, arista:7280cr2k-60, arista:7280cr2m-30, arista:7280cr3-32d4, arista:7280cr3-32p4, arista:7280cr3-36s, arista:7280cr3-96, arista:7280cr3a-24d12, arista:7280cr3a-48d6, arista:7280cr3a-72, arista:7280cr3ak-24d12, arista:7280cr3ak-48d6, arista:7280cr3ak-72, arista:7280cr3am-24d12, arista:7280cr3am-48d6, arista:7280cr3am-72, arista:7280cr3mk-32d4s, arista:7280cr3mk-32p4s, arista:7280dr3-24, arista:7280dr3a-36, arista:7280dr3a-54, arista:7280dr3ak-36, arista:7280dr3ak-54, arista:7280dr3am-36, arista:7280dr3am-54, arista:7280pr3-24, arista:7280qr-c36, arista:7280qr-c36-m, arista:7280qr-c72, arista:7280qra-c36s, arista:7280qra-c36sm, arista:7280sr-48c6, arista:7280sr2-48yc6, arista:7280sr2-48yc6-m, arista:7280sr2a-48yc6, arista:7280sr2a-48yc6-m, arista:7280sr2k-48c6-m, arista:7280sr3-40yc6, arista:7280sr3-48yc8, arista:7280sr3m-48yc8, arista:7280sra-48c6, arista:7280sra-48c6-m, arista:7280sram-48c6, arista:7280srm-40cx2, arista:7280tr-48c6, arista:7280tr3-40c6, arista:7280tra-48c6, arista:7280tra-48c6-m, arista:7289r3a-sc, arista:7289r3ak-sc, arista:7289r3am-sc, arista:7500r-36cq-lc, arista:7500r-36q-lc, arista:7500r-48s2cq-lc, arista:7500r-8cfpx-lc, arista:7500r2-36cq-lc, arista:7500r2a-36cq-lc, arista:7500r2ak-36cq-lc, arista:7500r2ak-48ycq-lc, arista:7500r2am-36cq-lc, arista:7500r2m-36cq-lc, arista:7500r3-24d, arista:7500r3-24p, arista:7500r3-36cq, arista:7500r3k-36cq, arista:7500r3k-48y4d, arista:7500rm-36cq-lc, arista:7504r-fm, arista:7504r3, arista:7508r-fm, arista:7508r3, arista:7512r-fm, arista:7512r3, arista:7516-sup2, arista:7516n-ch, arista:7516r-fm, arista:7800r3-36d, arista:7800r3-48cq, arista:7800r3a-36d, arista:7800r3a-36dm, arista:7800r3a-36p, arista:7800r3a-36pm, arista:7800r3ak-36dm, arista:7800r3ak-36pm, arista:7800r3k-48cq, arista:7800r3k-48cqms, arista:7800r3k-72y, arista:7804r3, arista:7808r3, arista:7812r3, arista:7816lr3, arista:7816r3

Technical description

On affected platforms running Arista EOS where a tunnel decapsulation configuration, such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface, is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.

Published: 5/6/2026, 17:17:02
Last modified: 9/6/2026, 20:48:49
