vulnerability

security-advisory-0071

Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: Jan 11, 2022
Added: Sep 4, 2024
Modified: Apr 29, 2025

Description

This advisory documents the impact of several vulnerabilities related to OpenConfig transport protocols in Arista's EOS software. The issues include: incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents, which could result in unrestricted access to the device for local users with nopassword configuration; gNOI APIs incorrectly skipping authorization and authentication, potentially allowing factory reset of the device; and conditions where a service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed.

Solution

upgrade-solution-CVE-2021-28507