CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-28500

CVSS 9.1v3.1pub. 2022-01-14upd. 2024-11-21

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Arista Eos

    OS
    Arista
    < 4.204.21.0 – 4.21.14m4.22.0 – 4.22.11m4.23.0 – 4.23.8m4.24.6.0 – 4.24.6m4.25.0 – 4.25.4m4.26.0 – 4.26.1f
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2014-7169CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...

CVE-2014-6271CRITICAL9.8⚠ KEVten sam produkt

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...

CVE-2023-24509CRITICAL9.3ten sam produkt

On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having th...

CVE-2021-28506CRITICAL9.1ten sam produkt

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and...

CVE-2020-10188CRITICAL9.8ten sam produkt

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short...