Arista Networks Terminattr vulnerabilities

CVE-2023-24512 [HIGH] CWE-284 CVE-2023-24512: On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI re On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: T

CVE-2021-28501 [CRITICAL] CWE-285 CVE-2021-28501: An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by th An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.