CVE-2021-28507

CWE-284Improper Access ControlCWE-863Incorrect Authorization3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 71.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arista Networks EOSArista EOS
Timeline
PublishedJan 14
Latest updateJan 15

Description

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NExploitability: 1.2 | Impact: 4.2

Affected Packages2 packages

NVDarista/eos4.23.04.23.9m+10
CVEListV5arista_networks/eos4.26.2F4.26.0+7

Patches

Patch: www.arista.comPatch: www.arista.com

🔴Vulnerability Details

2
GHSA
GHSA-4j73-jx76-fgw8: An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RES2022-01-15
CVEList
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the deni2022-01-14