CVE-2021-28501

Published: Jan 14, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Affected (1)

Products: Arista: Terminattr

Arista

1 product

Terminattr

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Arista Terminattr	Up to 1.16.2

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

Source: psirt@arista.com

ExploitMitigationPatchVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationPatchVendor Advisory

Timeline

No history available yet.