CVE-2021-28493
First published: Thu Sep 09 2021(Updated: )
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista Metamako Operating System | <=0.32.0 | |
| Arista 7130 |
Remedy
Upgrade to MOS-0.33.0
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-28493.
What is the severity rating for CVE-2021-28493?
The severity rating for CVE-2021-28493 is 7.8 (high).
What is the affected software for CVE-2021-28493?
The affected software for CVE-2021-28493 is Arista Metamako Operating System (all releases in the MOS-0.1x train).
How can this vulnerability be exploited?
Under certain conditions, a user may be able to execute commands despite not having the privileges to do so.
Is Arista 7130 affected by CVE-2021-28493?
No, Arista 7130 is not affected by CVE-2021-28493.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/arista
- canonical/arista metamako operating system
- version/arista metamako operating system/0.32.0
- canonical/arista 7130