CVE-2021-28499
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.8%
In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
Affected configurations
CNA Affected
[
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.18*",
"status": "affected",
"version": "MOS-0.18",
"versionType": "custom"
},
{
"lessThan": "MOS-0.32.0",
"status": "affected",
"version": "MOS-0.32.0",
"versionType": "custom"
}
]
}
]Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.8%