History: Jan 14, 2022 - 7:04 p.m.

CVE-2021-28506 An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

2022-01-14 19:04:50
CWE-285
Arista
www.cve.org
arista
eos
gnoi
api
authorization
vulnerability
factory reset

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score: 9.6
Confidence: High

EPSS: 0.001
Percentile: 38.4%

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.

CNA Affected

[
  {
    "product": "EOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "4.26.0",
        "status": "affected",
        "version": "4.26.2F",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.25.5",
        "status": "affected",
        "version": "4.25.5.1M",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.25.4",
        "status": "affected",
        "version": "4.25.4M",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.25.0",
        "status": "affected",
        "version": "4.25.3",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "4.24.2F",
        "status": "affected",
        "version": "4.24.7M",
        "versionType": "custom"
      }
    ]
  }
]
