vulnerability

security-advisory-0072

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Feb 2, 2022

Added

Sep 4, 2024

Modified

Jan 14, 2026

Description

This advisory documents the impact of an internally found vulnerability in Arista's EOS software. The impact of this vulnerability is that eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

Solution

upgrade-solution-cve-2021-28503

References

CVE-2021-28503
https://attackerkb.com/topics/CVE-2021-28503
https://www.arista.com//en/support/advisories-notices/security-advisory/13605-security-advisory-0072

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report