CVE Vulnerabilities

CVE-2021-28507

Published: Jan 14, 2022 | Modified: Jul 14, 2022
CVSS 3.x: 7.1 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVSS 2.x: 4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

Affected Software

Name  Vendor  Start Version        End Version
EOS   Arista  4.23.0 (including)   4.23.9m (including)
EOS   Arista  4.24.0 (including)   4.24.7m (including)
EOS   Arista  4.25.0 (including)   4.25.3 (including)
EOS   Arista  4.25.4 (including)   4.25.4m (including)
EOS   Arista  4.25.5 (including)   4.25.5.1m (including)
EOS   Arista  4.26.0 (including)   4.26.2f (including)
EOS   Arista  4.21.0f (including)  4.21.0f (including)
EOS   Arista  4.21.1f (including)  4.21.1f (including)
EOS   Arista  4.21.3f (including)  4.21.3f (including)
EOS   Arista  4.22.0f (including)  4.22.0f (including)
EOS   Arista  4.22.1f (including)  4.22.1f (including)
