CVE-2021-28506
Published 2022-01-14
Priority P3 · 51 · critical · 9.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:H
EPSS: 1.42% (69.5th percentile)
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | 4.24.0 – 4.24.7m | — |
| arista | eos | 4.25.0 – 4.25.3 | — |
| arista | eos | 4.25.4 – 4.25.4m | — |
| arista | eos | 4.25.5 – 4.25.5.1m | — |
| arista | eos | 4.26.0 – 4.26.2f | — |
| arista_networks | eos | 4.24.7M – 4.24.2F | — |
| arista_networks | eos | 4.25.3 – 4.25.0 | — |
| arista_networks | eos | 4.25.4M – 4.25.4 | — |
| arista_networks | eos | 4.25.5.1M – 4.25.5 | — |
| arista_networks | eos | 4.26.2F – 4.26.0 | — |
| giflib_project | giflib | >= 0 < 5.1.9-1ubuntu0.1 | 5.1.9-1ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.9-2ubuntu0.1 | 5.1.9-2ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1+esm1 | 5.1.4-0.3~16.04.1+esm1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1+esm1 | 5.1.4-2ubuntu0.1+esm1 |
CVSS provenance
nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd · v2.0 · 9.4 CRITICAL · AV:N/AC:L/Au:N/C:N/I:C/A:C
osv · 8.8 HIGH
OSV
giflib vulnerabilities
osv·2024-06-10·CVSS 8.8
CVE-2021-40633 giflib vulnerabilities
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-40633, CVE-2022-28506, CVE-2023-39742)
GHSA
GHSA-6vpx-f5jx-6w5m
ghsa_unreviewed · 2022-01-15
CVE-2021-28506 [CRITICAL] CWE-306
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.