7.5
CWE
863 284
Advisory Published
Updated

CVE-2021-28505: On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

First published: Tue Mar 29 2022(Updated: )

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.

Credit: psirt@arista.com

Affected SoftwareAffected VersionHow to fix
Arista EOS>=4.26<4.26.4m
Arista EOS>=4.27<4.27.1f
Arista Ccs-710p-12
Arista Ccs-710p-16p
Arista Ccs-720xp-24y6
Arista Ccs-720xp-24zy4
Arista Ccs-720xp-48y6
Arista Ccs-720xp-48zc2
Arista Ccs-720xp-96zc2
Arista Ccs-722xpm-48y4
Arista Ccs-722xpm-48zy8
Arista Dcs-7010tx-48
Arista Dcs-7050cx3-32s
Arista Dcs-7050cx3m-32s
Arista Dcs-7050sx3-48c8
Arista Dcs-7050sx3-48yc12
Arista Dcs-7050sx3-48yc8
Arista Dcs-7050sx3-96yc8
Arista Dcs-7050tx3-48c8

Remedy

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2021-28505 has been fixed in the following releases: 4.26.4M and later releases in the 4.26.x train 4.27.1F and later releases in the 4.27.x train

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this Arista EOS vulnerability?

    The vulnerability ID is CVE-2021-28505.

  • What is the severity of CVE-2021-28505?

    The severity of CVE-2021-28505 is high with a CVSS score of 7.5.

  • Which Arista EOS platforms are affected by CVE-2021-28505?

    Arista EOS platforms with versions between 4.26 and 4.26.4m, and between 4.27 and 4.27.1f are affected.

  • What is the impact of CVE-2021-28505?

    The impact of CVE-2021-28505 is that the VXLAN rule and subsequent ACL rules in the affected access list will ignore the specified IP protocol.

  • Is there a fix available for CVE-2021-28505?

    Yes, Arista has provided a fix for CVE-2021-28505. Please refer to the Arista Security Advisory for more information.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203