CVE Vulnerabilities

CVE-2021-28500

Published: Jan 14, 2022 | Modified: Aug 17, 2023
CVSS 3.x: 7.8 HIGH
Source: NVD
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.9 MEDIUM
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Affected Software

| Name | Vendor | Start Version | End Version |
|------|--------|---------------|-------------|
| Eos | Arista | * | 4.20 (excluding) |
| Eos | Arista | 4.21.0 (including) | 4.21.14m (including) |
| Eos | Arista | 4.22.0 (including) | 4.22.11m (including) |
| Eos | Arista | 4.23.0 (including) | 4.23.8m (including) |
| Eos | Arista | 4.24.6.0 (including) | 4.24.6m (including) |
| Eos | Arista | 4.25.0 (including) | 4.25.4m (including) |
| Eos | Arista | 4.26.0 (including) | 4.26.1f (including) |
