vulnerability

security-advisory-0073

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Mar 29, 2022	Sep 4, 2024	Apr 29, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Mar 29, 2022

Added

Sep 4, 2024

Modified

Apr 29, 2025

Description

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

Solution

upgrade-solution-CVE-2021-28505

References

CVE-2021-28505
https://attackerkb.com/topics/CVE-2021-28505
URL-https://www.arista.com//en/support/advisories-notices/security-advisory/15267-security-advisory-0073

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today