CVE-2026-7473
- EPSS 0.84%
- Veröffentlicht 05.06.2026 16:22:47
- Zuletzt bearbeitet 09.06.2026 20:48:49
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
Arista EOS Unexpected Tunnel Protocol Decapsulation and Forwarding Bypass
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a destination IP matching its configured decapsulation IP. This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic. This issue has been reported as being exploited in the wild.
Arista ≫ 7020sr-32c2 Version-
Arista ≫ 7020srg-24c2 Version-
Arista ≫ 7020tr-48 Version-
Arista ≫ 7020tra-48 Version-
Arista ≫ 7280cr-48 Version-
Arista ≫ 7280cr2-60 Version-
Arista ≫ 7280cr2a-30 Version-
Arista ≫ 7280cr2a-60 Version-
Arista ≫ 7280cr2k-30 Version-
Arista ≫ 7280cr2k-60 Version-
Arista ≫ 7280cr2m-30 Version-
Arista ≫ 7280cr3-32d4 Version-
Arista ≫ 7280cr3-32p4 Version-
Arista ≫ 7280cr3-36s Version-
Arista ≫ 7280cr3-96 Version-
Arista ≫ 7280cr3a-24d12 Version-
Arista ≫ 7280cr3a-48d6 Version-
Arista ≫ 7280cr3a-72 Version-
Arista ≫ 7280cr3ak-24d12 Version-
Arista ≫ 7280cr3ak-48d6 Version-
Arista ≫ 7280cr3ak-72 Version-
Arista ≫ 7280cr3am-24d12 Version-
Arista ≫ 7280cr3am-48d6 Version-
Arista ≫ 7280cr3am-72 Version-
Arista ≫ 7280cr3mk-32d4s Version-
Arista ≫ 7280cr3mk-32p4s Version-
Arista ≫ 7280dr3-24 Version-
Arista ≫ 7280dr3a-36 Version-
Arista ≫ 7280dr3a-54 Version-
Arista ≫ 7280dr3ak-36 Version-
Arista ≫ 7280dr3ak-54 Version-
Arista ≫ 7280dr3am-36 Version-
Arista ≫ 7280dr3am-54 Version-
Arista ≫ 7280pr3-24 Version-
Arista ≫ 7280qr-c36 Version-
Arista ≫ 7280qr-c36-m Version-
Arista ≫ 7280qr-c72 Version-
Arista ≫ 7280qra-c36s Version-
Arista ≫ 7280qra-c36sm Version-
Arista ≫ 7280sr-48c6 Version-
Arista ≫ 7280sr2-48yc6 Version-
Arista ≫ 7280sr2-48yc6-m Version-
Arista ≫ 7280sr2a-48yc6 Version-
Arista ≫ 7280sr2a-48yc6-m Version-
Arista ≫ 7280sr2k-48c6-m Version-
Arista ≫ 7280sr3-40yc6 Version-
Arista ≫ 7280sr3-48yc8 Version-
Arista ≫ 7280sr3m-48yc8 Version-
Arista ≫ 7280sra-48c6 Version-
Arista ≫ 7280sra-48c6-m Version-
Arista ≫ 7280sram-48c6 Version-
Arista ≫ 7280srm-40cx2 Version-
Arista ≫ 7280tr-48c6 Version-
Arista ≫ 7280tr3-40c6 Version-
Arista ≫ 7280tra-48c6 Version-
Arista ≫ 7280tra-48c6-m Version-
Arista ≫ 7289r3a-sc Version-
Arista ≫ 7289r3ak-sc Version-
Arista ≫ 7289r3am-sc Version-
Arista ≫ 7500r-36cq-lc Version-
Arista ≫ 7500r-36q-lc Version-
Arista ≫ 7500r-48s2cq-lc Version-
Arista ≫ 7500r-8cfpx-lc Version-
Arista ≫ 7500r2-36cq-lc Version-
Arista ≫ 7500r2a-36cq-lc Version-
Arista ≫ 7500r2ak-36cq-lc Version-
Arista ≫ 7500r2ak-48ycq-lc Version-
Arista ≫ 7500r2am-36cq-lc Version-
Arista ≫ 7500r2m-36cq-lc Version-
Arista ≫ 7500r3-24d Version-
Arista ≫ 7500r3-24p Version-
Arista ≫ 7500r3-36cq Version-
Arista ≫ 7500r3k-36cq Version-
Arista ≫ 7500r3k-48y4d Version-
Arista ≫ 7500rm-36cq-lc Version-
Arista ≫ 7504r-fm Version-
Arista ≫ 7504r3 Version-
Arista ≫ 7508r-fm Version-
Arista ≫ 7508r3 Version-
Arista ≫ 7512r-fm Version-
Arista ≫ 7512r3 Version-
Arista ≫ 7516-sup2 Version-
Arista ≫ 7516n-ch Version-
Arista ≫ 7516r-fm Version-
Arista ≫ 7800r3-36d Version-
Arista ≫ 7800r3-48cq Version-
Arista ≫ 7800r3a-36d Version-
Arista ≫ 7800r3a-36dm Version-
Arista ≫ 7800r3a-36p Version-
Arista ≫ 7800r3a-36pm Version-
Arista ≫ 7800r3ak-36dm Version-
Arista ≫ 7800r3ak-36pm Version-
Arista ≫ 7800r3k-48cq Version-
Arista ≫ 7800r3k-48cqms Version-
Arista ≫ 7800r3k-72y Version-
Arista ≫ 7804r3 Version-
Arista ≫ 7808r3 Version-
Arista ≫ 7812r3 Version-
Arista ≫ 7816lr3 Version-
Arista ≫ 7816r3 Version-
09.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
SchwachstelleArista Extensible Operating System (EOS) contains an incomplete comparison with missing factors vulnerability when the switch incorrectly decapsulate and forwards other unexpected tunneled packet with a destination IP matching its configured decapsulation IP.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.53 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@arista.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@arista.com | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
|
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.