SB2026060970 - Security restrictions bypass in Arista EOS




Published: June 9, 2026

Security Bulletin ID: SB2026060970
CSH Severity: High
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Incomplete Comparison with Missing Factors (CVE-ID: CVE-2026-7473)

CWE-ID: CWE-1023 - Incomplete Comparison with Missing Factors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a remote attacker to bypass intended tunnel protocol restrictions and forward unexpected tunneled traffic.

The vulnerability exists due to incomplete comparison with missing factors in tunnel decapsulation processing in Arista EOS when handling tunneled packets addressed to a configured decapsulation IP. A remote attacker can send specially crafted tunneled packets using a non-configured tunnel protocol to bypass intended tunnel protocol restrictions and forward unexpected tunneled traffic.

Exploitation requires the device to be configured as a tunnel endpoint with a decapsulation IP, such as for VXLAN, a GRE tunnel endpoint, or an ip decap-group.
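The following detection sketch is an added example, not code from Arista or from this bulletin. It flags flow records addressed to a configured decapsulation IP whose encapsulation is not the one configured for that endpoint. The flow-record fields, the `DECAP_CONFIG` mapping and the set of encapsulations checked (GRE, IP-in-IP, IPv6-in-IP, VXLAN on UDP 4789) are assumptions; the bulletin does not list which protocols are affected.

```python
import ipaddress

# Well-known encapsulation identifiers (IANA IP protocol numbers, VXLAN UDP port).
GRE, IPIP, IPV6_IN_IP, UDP = 47, 4, 41, 17
VXLAN_PORT = 4789

def tunnel_type(proto, dport=None):
    """Classify a flow's outer header as a tunnel type, or None if it is not one."""
    if proto == UDP:
        return "vxlan" if dport == VXLAN_PORT else None
    return {GRE: "gre", IPIP: "ipip", IPV6_IN_IP: "ipv6-in-ip"}.get(proto)

def unexpected_tunnels(flows, decap_config):
    """Return flows sent to a decap IP whose tunnel type is not configured for it.

    decap_config maps decap IP -> set of tunnel types configured on that endpoint
    (hypothetical inventory format). Matching on destination IP alone is the
    incomplete comparison; the tunnel type is the missing factor checked here.
    """
    allowed = {ipaddress.ip_address(ip): set(t) for ip, t in decap_config.items()}
    hits = []
    for flow in flows:
        dst = ipaddress.ip_address(flow["dst"])
        kind = tunnel_type(flow["proto"], flow.get("dport"))
        if dst in allowed and kind is not None and kind not in allowed[dst]:
            hits.append({**flow, "tunnel": kind})
    return hits

# Constructed sample data (documentation address ranges), not taken from any device.
DECAP_CONFIG = {"192.0.2.10": {"vxlan"}, "192.0.2.20": {"gre"}}
FLOWS = [
    {"src": "198.51.100.5", "dst": "192.0.2.10", "proto": 17, "dport": 4789},  # configured VXLAN
    {"src": "203.0.113.7", "dst": "192.0.2.10", "proto": 47},   # GRE to a VXLAN-only endpoint
    {"src": "203.0.113.7", "dst": "192.0.2.20", "proto": 4},    # IP-in-IP to a GRE-only endpoint
    {"src": "198.51.100.5", "dst": "192.0.2.20", "proto": 47},  # configured GRE
    {"src": "198.51.100.9", "dst": "192.0.2.10", "proto": 6, "dport": 22},  # not a tunnel
    {"src": "203.0.113.7", "dst": "192.0.2.99", "proto": 47},   # not a decap IP
]

if __name__ == "__main__":
    for hit in unexpected_tunnels(FLOWS, DECAP_CONFIG):
        print(f"ALERT {hit['src']} -> {hit['dst']} tunnel={hit['tunnel']}")
```

The same allow-list of (decapsulation IP, tunnel type) pairs can drive an upstream filter that only admits the configured encapsulation toward each endpoint.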

Note: the vulnerability is being exploited in the wild.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.