CVE Vulnerabilities

CVE-2021-28501

Published: Jan 14, 2022 | Modified: Jul 14, 2022
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

An issue has recently been discovered in Arista EOS where the incorrect use of EOSs AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Affected Software

Name Vendor Start Version End Version
Terminattr Arista * 1.16.2 (including)

References