CVE-2021-28500

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*

History

24 Oct 2022, 16:39

Type Values Removed Values Added
CWE CWE-863 NVD-CWE-Other

28 Jan 2022, 21:02

Type Values Removed Values Added
CPE cpe:2.3:a:arista:eos:*:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 - Exploit, Vendor Advisory (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 - Exploit, Mitigation, Patch, Vendor Advisory

22 Jan 2022, 01:13

Type Values Removed Values Added
CPE cpe:2.3:a:arista:eos:*:*:*:*:*:*:*:*
CWE CWE-863
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.9
v3 : 7.8

14 Jan 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-14 20:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-28500

Mitre link : CVE-2021-28500

CVE.ORG link : CVE-2021-28500


JSON object : View

Products Affected

arista

  • eos
CWE
NVD-CWE-Other CWE-285

Improper Authorization