First published: Thu Sep 09 2021(Updated: )
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista Metamako Operating System | >=0.10.0<=0.18.0 | |
Arista Metamako Operating System | >=0.20.0<0.32.0 | |
Arista 7130 |
Upgrade to MOS-0.32.0
Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm For detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in Arista's MOS is CVE-2021-28499.
CVE-2021-28499 has a severity rating of 5.5 (medium).
Arista Metamako Operating System versions 0.10.0 to 0.18.0 are affected.
In Arista's MOS, user account passwords set in clear text could leak to users without any password.
You can find more information about this vulnerability in the Arista Security Advisory at this link: [link](https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64)