CVE-2021-28496

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

History

30 Jul 2022, 12:29

Type Values Removed Values Added
CWE CWE-311 CWE-522

28 Oct 2021, 16:48

Type Values Removed Values Added
CWE CWE-311
CPE cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069 - Vendor Advisory

21 Oct 2021, 17:28

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-21 17:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-28496

Mitre link : CVE-2021-28496

CVE.ORG link : CVE-2021-28496


JSON object : View

Products Affected

arista

  • eos
CWE
CWE-522

Insufficiently Protected Credentials

CWE-311

Missing Encryption of Sensitive Data