Tuesday, June 9, 2026

CISA Adds Arista Vulnerability to KEV Catalog – 6-9-26

Today, CISA announced that it had added an incomplete comparison with missing factors vulnerability in Arista EOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was previously disclosed by Arista and was originally reported by Scott Christiansen, Lukas Peitz, Rich Compton, and Jonathan Davis at Comcast. In version 1.1 (May 6th) of its advisory, Arista noted that the vulnerability had been reported as being exploited in the wild. Arista provides settings to mitigate the vulnerability; no software fix is planned.

CISA is requiring federal agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. A deadline of June 23rd, 2026, has been set.
