Rule ID
SV-255967r882243_rule
Version
V1R1
CCIs
Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities.
Verify the Arista device is running a certified version of EOS from the Arista.com website on the Support/Software Download section. switch#show version Arista DCS-7280SRA-48C6-F Hardware version: 21.00 Serial number: SSJ18250372 Hardware MAC address: 7483.ef6d.86f7 System MAC address: 7483.ef6d.86f7 Software image version: 4.26.4M Architecture: i686 Internal build version: 4.26.4M-25280047.4264M Internal build ID: 79589245-f1f3-49b7-8bee-cbfacac004e6 Image format version: 1.0 Uptime: 2 weeks, 0 days, 9 hours and 53 minutes Total memory: 8098984 kB Free memory: 6155528 kB If the Arista network device is not running an operating system release that is currently supported by Arista Networks, this is a finding.
Upgrade the Arista network device to an operating system that is supported by the vendor. Step 1: The Administrator would log on to www.arista.com/support/software-download website and choose EOS/Active Releases and choose appropriate version of EOS to download. Step 2: Transfer the EOS-4.x.yz.swi.sha512sum to Arista network device directory "flash:". Step 3: From the EOS CLI, type dir flash: to verify the file EOS-4.x.yz.swi.sha512sum is in the directory "flash:". switch#directory flash: EOS-4.x.yz.swi.sha512sum Step 4: Use the command verify to verify the checksum sha512sum: switch#verify flash: /sha512 flash:EOS-4.x.yz checksum should match Step 5: The file can also be verified from bash. switch#bash #bash # sha512sum /mnt/flash/EOS-4.x.yz *note the Arista network device would not run an invalid version of EOS and if the checksum does not match, contact an Arista Representative for assistance.