CVE-2021-28500 | SynScan

Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2021-28500

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Published: Jan 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-28500
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arista / eos	-	4.20
arista / eos	4.21.0	4.21.14m.x
arista / eos	4.22.0	4.22.11m.x
arista / eos	4.23.0	4.23.8m.x
arista / eos	4.24.6.0	4.24.6m.x
arista / eos	4.26.0	4.26.1f.x
arista / eos	4.25.0	4.25.4m.x

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071