Lucene search

AristaCVELIST:CVE-2021-28493

HistorySep 09, 2021 - 12:45 p.m.

CVE-2021-28493

2021-09-0912:45:32

CWE-287

Arista

www.cve.org

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

In Arista’s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases

CNA Affected

[
  {
    "platforms": [
      "Arista 7130 Systems running MOS"
    ],
    "product": "Metamako Operating System",
    "vendor": "Arista",
    "versions": [
      {
        "lessThan": "MOS-0.33.0",
        "status": "affected",
        "version": "MOS-0.33.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2021-28493