CVE-2021-28507 | SynScan

Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2021-28507

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

Published: Jan 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-28507
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arista / eos	4.21.0f	4.21.0f.x
arista / eos	4.21.1f	4.21.1f.x
arista / eos	4.22.0f	4.22.0f.x
arista / eos	4.22.1f	4.22.1f.x
arista / eos	4.23.0	4.23.9m.x
arista / eos	4.24.0	4.24.7m.x
arista / eos	4.25.0	4.25.3.x
arista / eos	4.25.4	4.25.4m.x
arista / eos	4.25.5	4.25.5.1m.x
arista / eos	4.26.0	4.26.2f.x
arista / eos	4.21.3f	4.21.3f.x

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071