vulnerability

security-advisory-0040

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	Apr 16, 2019	Sep 4, 2024	Jan 14, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

Apr 16, 2019

Added

Sep 4, 2024

Modified

Jan 14, 2026

Description

A kernel crash can be triggered remotely through the network by certain malformed packets, specifically by sending an IP packet with rarely used packet options to a switch via a routed port. This is a publicly found vulnerability and the exposure is specific to EosKernel-3.4 that was used in the EOS releases noted below. Arista is using an updated Kernel version in all of its recent EOS releases and, as such, those versions are not susceptible to this crash or soft lockup.

Solution

upgrade-solution-cve-2013-7470

References

CVE-2013-7470
https://attackerkb.com/topics/CVE-2013-7470
URL-https://www.arista.com//en/support/advisories-notices/security-advisory/7098-security-advisory-40

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today