vulnerability
security-advisory-0077
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:S/C:P/I:P/A:N) | May 25, 2022 | Sep 4, 2024 | Apr 29, 2025 |
Severity
4
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:N)
Published
May 25, 2022
Added
Sep 4, 2024
Modified
Apr 29, 2025
Description
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr or Octa might leak IPsec (CVE-2021-28508) and MACsec (CVE-2021-28509) sensitive data in clear text to CloudVisions's authorized users or authorized gNMI clients. The leaked data could allow IPsec and MACsec traffic to be decrypted or modified. This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.
Solution
upgrade-solution-CVE-2021-28508
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.