CVE-2021-28493

Published: Sep 9, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases

Affected (1)

Products: Arista: Metamako Operating System

1 product

Metamako Operating System

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Arista Metamako Operating System	Up to 0.32.0

Running on/with	Platform Versions
Arista 7130	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67

Source: psirt@arista.com

MitigationVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.