security-advisory-0071

Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: Jan 11, 2022
Added: Sep 4, 2024
Modified: Jan 14, 2026

Description

This advisory documents the impact of several vulnerabilities related to OpenConfig transport protocols in Arista's EOS software. The issues include: incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents, which could result in unrestricted access to the device for local users with nopassword configuration; gNOI APIs incorrectly skipping authorization and authentication, potentially allowing factory reset of the device; and conditions where a service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed.

Solution

upgrade-solution-cve-2021-28507