CRITICAL✓ PATCH🇬🇧 English

CVE-2021-28500

CVSS 9.1v3.1pub. 2022-01-14upd. 2024-11-21

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Arista Eos

    OS
    Arista
    < 4.204.21.0 – 4.21.14m4.22.0 – 4.22.11m4.23.0 – 4.23.8m4.24.6.0 – 4.24.6m4.25.0 – 4.25.4m4.26.0 – 4.26.1f
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...

CVE-2023-24509CRITICAL9.3ten sam produkt

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having th...

CVE-2021-28506CRITICAL9.1ten sam produkt

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and...

CVE-2020-10188CRITICAL9.8ten sam produkt

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short...