CVE-2021-28506

CWE-285 CWE-306 — Missing Authentication CWE-862 — Missing Authorization CWE-863 — Incorrect Authorization4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.5%

top 34.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista Networks EOS Arista EOS

Timeline

PublishedJan 14

Latest updateJun 10

Description

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDarista/eos4.24.0 — 4.24.7m+4

▶CVEListV5arista_networks/eos4.26.2F — 4.26.0+4

Patches

Patch: www.arista.com ↗Patch: www.arista.com ↗

🔴Vulnerability Details

OSV

giflib vulnerabilities↗2024-06-10

▶

GHSA

GHSA-6vpx-f5jx-6w5m: An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially↗2022-01-15

▶

CVEList

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.↗2022-01-14

▶