CVE-2021-28504: On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...
First published: Fri Apr 01 2022(Updated: )
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista EOS | >=4.26<4.26.4m | |
| Arista EOS | >=4.27<4.27.1f | |
| Arista Ccs-710p-12 | ||
| Arista Ccs-710p-16p | ||
| Arista Ccs-720xp-24y6 | ||
| Arista Ccs-720xp-24zy4 | ||
| Arista Ccs-720xp-48y6 | ||
| Arista Ccs-720xp-48zc2 | ||
| Arista Ccs-720xp-96zc2 | ||
| Arista Ccs-722xpm-48y4 | ||
| Arista Ccs-722xpm-48zy8 | ||
| Arista Dcs-7010tx-48 | ||
| Arista Dcs-7050cx3-32s | ||
| Arista Dcs-7050cx3m-32s | ||
| Arista Dcs-7050sx3-48c8 | ||
| Arista Dcs-7050sx3-48yc12 | ||
| Arista Dcs-7050sx3-48yc8 | ||
| Arista Dcs-7050sx3-96yc8 | ||
| Arista Dcs-7050tx3-48c8 |
Remedy
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2021-28504 has been fixed in the following releases: 4.26.4F and later releases in the 4.26.x train 4.27.1M and later releases in the 4.27.x train
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Arista Strata family products vulnerability?
The vulnerability ID for this Arista Strata family products vulnerability is CVE-2021-28504.
How does the vulnerability impact Arista Strata family products?
The vulnerability impacts Arista Strata family products with the "TCAM profile" feature enabled.
Which version of Arista EOS is affected by this vulnerability?
The vulnerability affects Arista EOS versions 4.26 to 4.26.4m and 4.27 to 4.27.1f.
What is the severity of CVE-2021-28504?
The severity of CVE-2021-28504 is high, with a severity value of 7.5.
How can I fix this vulnerability?
To fix this vulnerability, update your Arista EOS software to a version that is not vulnerable.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/arista
- canonical/arista eos
- version/arista eos/4.26
- version/arista eos/4.27
- canonical/arista ccs-710p-12
- canonical/arista ccs-710p-16p
- canonical/arista ccs-720xp-24y6
- canonical/arista ccs-720xp-24zy4
- canonical/arista ccs-720xp-48y6
- canonical/arista ccs-720xp-48zc2
- canonical/arista ccs-720xp-96zc2
- canonical/arista ccs-722xpm-48y4
- canonical/arista ccs-722xpm-48zy8
- canonical/arista dcs-7010tx-48
- canonical/arista dcs-7050cx3-32s
- canonical/arista dcs-7050cx3m-32s
- canonical/arista dcs-7050sx3-48c8
- canonical/arista dcs-7050sx3-48yc12
- canonical/arista dcs-7050sx3-48yc8
- canonical/arista dcs-7050sx3-96yc8
- canonical/arista dcs-7050tx3-48c8