This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.
References
Link | Resource |
---|---|
https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
09 Jun 2022, 19:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077 - Exploit, Vendor Advisory | |
CPE | cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280pr3k-24:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3k-32p4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050cx3-32s-r:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050cx3-32s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3k-32d4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2k-60:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050sx3-48yc12:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3k-24:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:* cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050sx3-96yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr3k-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3k-96:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr2ak-30:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:ccs-722xpm-48zy8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050sx3-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050sx3-48c8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:* cpe:2.3:h:arista:dcs-7050cx3m-32s:-:*:*:*:*:*:*:* cpe:2.3:h:arista:ccs-722xpm-48y4:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:* cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:* |
|
CWE | CWE-319 | |
CVSS |
v2 : v3 : |
v2 : 3.6
v3 : 6.1 |
First Time |
Arista 7280cr2k-60
Arista 7050sx3-48yc Arista 7500r3k-36cq Arista 7280cr3k-96 Arista Arista 7280cr3-32d4 Arista 7280cr3k-32p4 Arista 7280cr2ak-30 Arista 7050sx3-96yc8 Arista dcs-7050sx3-48c8 Arista 7800r3k-48cq Arista dcs-7050cx3-32s Arista 7500r3-24d Arista 7280cr3k-32d4 Arista ccs-722xpm-48zy8 Arista 7280sr3-48yc8 Arista 7280pr3-24 Arista 7500r3 Arista 7280dr3k-24 Arista 7280sr3k-48yc8 Arista dcs-7050sx3-96yc8 Arista 7500r3-24p Arista 7280dr3-24 Arista 7050tx3-48c8 Arista 7800r3-48cq Arista 7050sx3-48c8 Arista 7050cx3-32s Arista dcs-7050sx3-48yc12 Arista 7280r2 Arista ccs-722xpm-48y4 Arista 7280cr3-32p4 Arista 7050sx3-48yc8 Arista 7050sx3-48yc12 Arista terminattr Arista 7050cx3m-32s Arista 7500r3-36cq Arista dcs-7050cx3-32s-r Arista 7800r3-36p Arista 7280cr3-96 Arista 7388x5 Arista eos Arista dcs-7050cx3m-32s Arista 7500r2 Arista dcs-7050sx3-48yc8 Arista 7280pr3k-24 Arista 7280r3 |
26 May 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-28509
Mitre link : CVE-2021-28509
CVE.ORG link : CVE-2021-28509
JSON object : View
Products Affected
arista
- ccs-722xpm-48zy8
- 7500r3k-36cq
- 7280cr3k-32p4
- dcs-7050sx3-48yc8
- 7050sx3-48yc12
- 7050sx3-48yc
- 7050tx3-48c8
- 7800r3k-48cq
- 7050cx3-32s
- 7500r3-24d
- 7500r3
- 7280cr2k-60
- 7280dr3-24
- dcs-7050cx3-32s-r
- ccs-722xpm-48y4
- 7280pr3k-24
- dcs-7050sx3-48yc12
- 7280dr3k-24
- terminattr
- 7280cr2ak-30
- 7050sx3-48yc8
- dcs-7050cx3-32s
- 7500r2
- 7280cr3k-32d4
- eos
- 7050sx3-96yc8
- dcs-7050sx3-48c8
- 7500r3-36cq
- dcs-7050cx3m-32s
- 7280cr3k-96
- 7280cr3-96
- 7280cr3-32d4
- 7500r3-24p
- 7050sx3-48c8
- 7050cx3m-32s
- 7800r3-36p
- 7280r3
- 7280cr3-32p4
- 7280r2
- 7280sr3k-48yc8
- 7388x5
- 7800r3-48cq
- dcs-7050sx3-96yc8
- 7280sr3-48yc8
- 7280pr3-24