11 matches found
EUVD-2021-15179
Malware in sbrugna...
EUVD-2021-15172
Malware in sbrugna...
CVE-2021-28503
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate-based authentication is used, which allows remote attackers to access the device via eAPI...
Authentication flaw
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate-based authentication is used, which allows remote attackers to access the device via eAPI...
CVE-2021-28503
The CVE-2021-28503 issue affects Arista EOS, where eAPI may skip re-evaluating credentials when certificate-based authentication is used, allowing remote access via eAPI. Affected EOS trains include 4.22.x–4.26.x, with fixes in 4.26.3+, 4.25.6+, 4.24.8+, and 4.23.10+ as per Arista Security Adviso...
Security Advisory 0072
Security Advisory 0072
Date: February 2nd, 2022
Version: 1.0

Revision | Date | Changes
---|---|---
1.0 | February 2nd, 2022 | Initial Release

The CVE-ID tracking this issue: CVE-2021-28503
CVSSv3.1 Base Score: 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
The internal bug tracking...
PT-2022-9895 · Arista · Arista Eos
Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: The issue affects Arista's EOS eAPI, allowing it to skip re-evaluating user credentials when certificate-based authentication is used. This enables remote attackers to access the device...
Code injection
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by Bidirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...
CVE-2021-28496 In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device.
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by Bidirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the devic...
CVE-2021-28496
CVE-2021-28496 affects Arista EOS and CloudEOS: when using shared secret profiles, the password used for Bidirectional Forwarding Detection (BFD) can be leaked through eAPI/JSON outputs to other authenticated users. Affected EOS trains include all 4.22.x, 4.23.x up to 4.23.9, 4.24.x up to 4.24.7, 4...
Security Advisory 0020
Security Advisory 0020
Date: May 6th, 2016
Version: 1.2

Revision | Date | Changes
---|---|---
1.0 | May 6th, 2016 | Initial release
1.1 | May 12th, 2016 | Updated to include assessment for CVX and CVP. Change in vulnerability status for CVE-2016-2107.
1.2 | May 20th, 2016 | Updated to include...