Posted on December 12, 2021 5:12 am
 |  Asked by Willie King
 |  996 views
0
0
Print Friendly, PDF & Email

Can you please confirm if Arista  appliances are affected by the recent zero-day vulnerability tracked as CVE-2021-44228?

1
Answered on December 12, 2021 5:13 am

Hi Willie,

Thanks for reaching out.

We are actively checking the CVE-2021-44228 and have not found any indications of exposure in Arista EOS and CVP products. The initial assessment is pointing towards Arista EOS and CloudVision not being impacted.

Will keep this thread posted for further updates.

Thanks,

Bhavana.

0
Posted by Manoaj
Answered on December 13, 2021 3:54 am

Hi Willie,

Thanks for reaching out.

Arista Engineering and Security teams are actively analyzing the product lines to identify the products that may be affected by this vulnerability. Arista will continue to update the advisory(link below) with possible workarounds/mitigations as soon as they are available.

https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

0
Posted by Cristian Tozaru
Answered on December 15, 2021 10:33 am

Hello,

Looking at the list provided Cloud Vision is present with:

  • CloudVision Portal
    • 2019.1.0 and all later releases

This means that any 2020 or 2021 release are also affected.

For the affected products when will we see a workaround/fix?

Thank you!

0
Answered on December 15, 2021 12:02 pm

Hello Christian,

The Devs are working for the workaround on priority and there should be a patch available soon. You can keep an eye or monitor the advisory for more updates on this.

https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070

Regards,
Pushkar

0
Answered on December 15, 2021 12:06 pm

Hi Cristian,

Thanks for reaching out.

Yeah, As mentioned in the Security advisory 70, 2020 and 2021 CVP versions are also affected by this CVE.

Our Engineering team is actively developing patches to affected products and will update the advisory when more information is available.

 

Thanks,

Bhavana.

0
Answered on December 16, 2021 2:39 pm

Hello Christian/Willie,

To update you that we have a workaround mentioned in the link below

https://www.arista.com/en/support/advisories-notices/security-advisories/security-advisory-0070-patches-mitigation

You can go through the above link and get back if you have any questions.

Regards,
Pushkar

Post your Answer

You must be logged in to post an answer.