CVE-2021-28501

CWE-285CWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGH
EPSS
0.3%
top 47.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arista TerminattrArista Networks Terminattr
Timeline
PublishedJan 14
Latest updateJan 15

Description

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDarista/terminattr1.16.2
CVEListV5arista_networks/terminattr1.16.2 0

Patches

Patch: www.arista.comPatch: www.arista.com

🔴Vulnerability Details

2
GHSA
GHSA-6m7h-74wg-gq59: An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in2022-01-15
CVEList
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users2022-01-14