cbcvebase.
CVE-2021-28506
published 2022-01-14

Priority: P351, critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.42% (69.5th percentile)

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | 4.24.0 – 4.24.7m | |
| arista | eos | 4.25.0 – 4.25.3 | |
| arista | eos | 4.25.4 – 4.25.4m | |
| arista | eos | 4.25.5 – 4.25.5.1m | |
| arista | eos | 4.26.0 – 4.26.2f | |
| arista_networks | eos | 4.24.7M – 4.24.2F | |
| arista_networks | eos | 4.25.3 – 4.25.0 | |
| arista_networks | eos | 4.25.4M – 4.25.4 | |
| arista_networks | eos | 4.25.5.1M – 4.25.5 | |
| arista_networks | eos | 4.26.2F – 4.26.0 | |
| giflib_project | giflib | >= 0 < 5.1.9-1ubuntu0.1 | 5.1.9-1ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.9-2ubuntu0.1 | 5.1.9-2ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1+esm1 | 5.1.4-0.3~16.04.1+esm1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1+esm1 | 5.1.4-2ubuntu0.1+esm1 |

CVSS provenance

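| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 9.4 | CRITICAL | AV:N/AC:L/Au:N/C:N/I:C/A:C |
| osv | | 8.8 | HIGH | |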