CVE-2021-28507

Published: Jan 14, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

Affected (11)

Products: Arista: Eos

Arista

1 product

Eos

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Arista Eos	From 4.23.0 to 4.23.9m
Arista Eos	From 4.24.0 to 4.24.7m
Arista Eos	From 4.25.0 to 4.25.3
Arista Eos	From 4.25.4 to 4.25.4m
Arista Eos	From 4.25.5 to 4.25.5.1m
Arista Eos	From 4.26.0 to 4.26.2f
Arista Eos	Version 4.21.0f
Arista Eos	Version 4.21.1f
Arista Eos	Version 4.21.3f
Arista Eos	Version 4.22.0f
Arista Eos	Version 4.22.1f

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

Source: psirt@arista.com

ExploitMitigationPatchVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationPatchVendor Advisory

Timeline

No history available yet.