Lucene search

[email protected]NVD:CVE-2021-28501

HistoryJan 14, 2022 - 8:15 p.m.

CVE-2021-28501

2022-01-1420:15:10

CWE-285

[email protected]

web.nvd.nist.gov

arista eos

aaa api

unrestricted access

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An issue has recently been discovered in Arista EOS where the incorrect use of EOS’s AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Affected configurations

Nvd

Node

aristaterminattrRange≤1.16.2

VendorProductVersionCPE
aristaterminattr*cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arista	terminattr	*	cpe:2.3:a:arista:terminattr::::::::

References

www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-28501

cvelist1 prion1 cve1 arista1