52 matches found
CVE-2021-28507
The CVE-2021-28507 issue in Arista EOS concerns bypass of the service ACL for OpenConfig gNMI/gNOI (and OpenConfig RESTCONF) under certain conditions, causing denied requests to be forwarded to the agent. Affected product: Arista EOS with OpenConfig transport protocols. Root cause: service ACL by...
CVE-2021-28501
The CVE-2021-28501 issue in Arista EOS concerns the incorrect use of EOS AAA APIs by the OpenConfig and TerminAttr agents, which could allow unrestricted access for local users configured with nopassword. Connected advisories confirm this affects OpenConfig gNMI/gNOI and TerminAttr and provide co...
Arista Networks Arista EOS Security Vulnerability
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
PT-2022-9893 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS (affected versions not specified). Description: An issue has been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local...
Security Advisory 0071
Security Advisory 0071. Date: January 11th, 2022. Revision 1.0 (January 11th, 2022): Initial release. The CVE-ID tracking this issue: CVE-2021-28500. CVSSv3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). The CVE-ID tracki...
Security Advisory 0046
Security Advisory 0046. Date: March 23, 2020. Version: 1.0. Revision 1.0 (March 23, 2020): Initial Release. The CVE-IDs tracking this issue: CVE-2019-17596. CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Description: This advisory documents the exposure of...
PT-2019-3016 · Google +10 · Golang.Org/X/Net/Http2 +11
Name of the Vulnerable Software and Affected Versions: HTTP/2 implementations (affected versions not specified); golang.org/x/net/http2 (affected versions not specified); Arista's EOS (affected versions not specified); Arista's CloudVision Portal (affected versions not specified); Access Points with OpenConf...
XXE
ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java (loadxml) that can allow an adversary to remotely launch XXE attacks on the ONOS controller via an...
CVE-2018-1000616
ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java (loadxml) that can allow an adversary to remotely launch XXE attacks on the ONOS controller via an...