First published: Thu Sep 09 2021
In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.13 and post releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista Metamako Operating System | >=0.10.0<=0.13.0 | |
Arista Metamako Operating System | >=0.20.0<=0.26.7 | |
Arista Metamako Operating System | >=0.30.0<0.32.0 | |
Arista 7130 | | |
Upgrade to MOS-0.26.7 or MOS-0.32.0
Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm. For detailed information about hotfix installation, please see the advisory: https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64
CVE-2021-28495 is a vulnerability in Arista's MOS (Metamako Operating System) software that allows user authentication to be bypassed when API access is enabled via the JSON-RPC APIs.
Arista's Metamako Operating System versions in the MOS-0.1x train from 0.10.0 to 0.13.0, versions from 0.20.0 to 0.26.7, and versions from 0.30.0 to 0.32.0 are affected.
CVE-2021-28495 has a severity rating of 9.8, which is classified as critical.
To fix CVE-2021-28495, it is recommended to apply the necessary patches or updates provided by Arista. Please refer to the vendor's security advisory for specific instructions.
You can find more information about CVE-2021-28495 in Arista's security advisory, which can be accessed at the following link: https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66