First published: Fri Feb 04 2022
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista EOS | >=4.22, <=4.22.9m | Upgrade (see resolution below) |
| Arista EOS | >=4.23, <=4.23.9 | Upgrade (see resolution below) |
| Arista EOS | >=4.24, <=4.24.7 | Upgrade (see resolution below) |
| Arista EOS | >=4.25, <=4.25.5 | Upgrade (see resolution below) |
| Arista EOS | >=4.26, <=4.26.2 | Upgrade (see resolution below) |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. The vulnerability is fixed in the following EOS versions:

- 4.26.3 and later releases in the 4.26.x train
- 4.25.6 and later releases in the 4.25.x train
- 4.24.8 and later releases in the 4.24.x train
- 4.23.10 and later releases in the 4.24.x train
CVE-2021-28503 is a vulnerability in Arista's EOS eAPI: when certificate-based authentication is used, eAPI may skip re-evaluating user credentials, which allows remote attackers to access the device via eAPI.
CVE-2021-28503 has a severity rating of 9.8 (critical).
To fix CVE-2021-28503, upgrade Arista EOS to a remediated release, as listed in the resolution above: 4.26.3, 4.25.6, 4.24.8 or 4.23.10 (or a later release in the same train). The versions in the affected table (up to 4.22.9m, 4.23.9, 4.24.7, 4.25.5 and 4.26.2) are the vulnerable releases.