vulnerability
security-advisory-0077
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:S/C:P/I:P/A:N) | May 25, 2022 | Sep 4, 2024 | Jan 14, 2026 |
Severity
4
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:N)
Published
May 25, 2022
Added
Sep 4, 2024
Modified
Jan 14, 2026
Description
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr or Octa might leak IPsec (CVE-2021-28508) and MACsec (CVE-2021-28509) sensitive data in clear text to CloudVisions's authorized users or authorized gNMI clients. The leaked data could allow IPsec and MACsec traffic to be decrypted or modified. This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.
Solution
upgrade-solution-cve-2021-28509
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.