CVE-2021-28505
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.26 to 4.26.4m |
| Running on/with | Platform Versions |
|---|---|
Arista Ccs 710p 12 | All versions |
Arista Ccs 710p 16p | All versions |
Arista Ccs 720xp 24y6 | All versions |
Arista Ccs 720xp 24zy4 | All versions |
Arista Ccs 720xp 48y6 | All versions |
Arista Ccs 720xp 48zc2 | All versions |
Arista Ccs 720xp 96zc2 | All versions |
Arista Ccs 722xpm 48y4 | All versions |
Arista Ccs 722xpm 48zy8 | All versions |
Arista Dcs 7010tx 48 | All versions |
Arista Dcs 7050cx3 32s | All versions |
Arista Dcs 7050cx3m 32s | All versions |
Arista Dcs 7050sx3 48c8 | All versions |
Arista Dcs 7050sx3 48yc12 | All versions |
Arista Dcs 7050sx3 48yc8 | All versions |
Arista Dcs 7050sx3 96yc8 | All versions |
Arista Dcs 7050tx3 48c8 | All versions |
Related CWEs
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: psirt@arista.com
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Timeline
No history available yet.