First published: Fri Apr 01 2022(Updated: )
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.26<4.26.4m | |
Arista EOS | >=4.27<4.27.1f | |
Arista Ccs-710p-12 | ||
Arista Ccs-710p-16p | ||
Arista Ccs-720xp-24y6 | ||
Arista Ccs-720xp-24zy4 | ||
Arista Ccs-720xp-48y6 | ||
Arista Ccs-720xp-48zc2 | ||
Arista Ccs-720xp-96zc2 | ||
Arista Ccs-722xpm-48y4 | ||
Arista Ccs-722xpm-48zy8 | ||
Arista Dcs-7010tx-48 | ||
Arista Dcs-7050cx3-32s | ||
Arista Dcs-7050cx3m-32s | ||
Arista Dcs-7050sx3-48c8 | ||
Arista Dcs-7050sx3-48yc12 | ||
Arista Dcs-7050sx3-48yc8 | ||
Arista Dcs-7050sx3-96yc8 | ||
Arista Dcs-7050tx3-48c8 |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2021-28504 has been fixed in the following releases: 4.26.4F and later releases in the 4.26.x train 4.27.1M and later releases in the 4.27.x train
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Arista Strata family products vulnerability is CVE-2021-28504.
The vulnerability impacts Arista Strata family products with the "TCAM profile" feature enabled.
The vulnerability affects Arista EOS versions 4.26 to 4.26.4m and 4.27 to 4.27.1f.
The severity of CVE-2021-28504 is high, with a severity value of 7.5.
To fix this vulnerability, update your Arista EOS software to a version that is not vulnerable.