An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
References
Link | Resource |
---|---|
https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 | Exploit Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jul 2022, 18:47
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
26 Jan 2022, 14:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:arista:eos:4.22.0f:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.21.0f:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.22.1f:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.21.1f:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.21.3f:*:*:*:*:*:*:* |
|
CWE | CWE-863 | |
First Time |
Arista
Arista eos |
|
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 7.1 |
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071 - Exploit, Mitigation, Patch, Vendor Advisory |
14 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-14 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-28507
Mitre link : CVE-2021-28507
CVE.ORG link : CVE-2021-28507
JSON object : View
Products Affected
arista
- eos
CWE