First published: Thu Sep 09 2021
In Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line, under certain conditions the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects Arista Metamako Operating System: all releases in the MOS-0.1x train; MOS-0.26.6 and below releases in the MOS-0.2x train; MOS-0.31.1 and below releases in the MOS-0.3x train.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista Metamako Operating System | <=0.26.6 | |
Arista Metamako Operating System | >=0.31.0, <0.32.0 | |
Arista 7130 | | |
Upgrade to MOS-0.26.7 or MOS-0.32.0
Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm
For detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64
CVE-2021-28497 is a vulnerability that affects Arista's MOS (Metamako Operating System) software on the 7130 product line.
CVE-2021-28497 has a severity rating of 7.8 (high).
CVE-2021-28497 allows unprivileged users to access the bash shell in situations where they should not have access.
CVE-2021-28497 affects all releases up to and including 0.26.6 of Arista Metamako Operating System, as well as releases from 0.31.0 to 0.32.0 (excluding 0.32.0).
For more information on CVE-2021-28497, refer to the Arista Security Advisory 65 at https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65.