First published: Tue Mar 29 2022(Updated: )
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.26<4.26.4m | |
Arista EOS | >=4.27<4.27.1f | |
Arista Ccs-710p-12 | ||
Arista Ccs-710p-16p | ||
Arista Ccs-720xp-24y6 | ||
Arista Ccs-720xp-24zy4 | ||
Arista Ccs-720xp-48y6 | ||
Arista Ccs-720xp-48zc2 | ||
Arista Ccs-720xp-96zc2 | ||
Arista Ccs-722xpm-48y4 | ||
Arista Ccs-722xpm-48zy8 | ||
Arista Dcs-7010tx-48 | ||
Arista Dcs-7050cx3-32s | ||
Arista Dcs-7050cx3m-32s | ||
Arista Dcs-7050sx3-48c8 | ||
Arista Dcs-7050sx3-48yc12 | ||
Arista Dcs-7050sx3-48yc8 | ||
Arista Dcs-7050sx3-96yc8 | ||
Arista Dcs-7050tx3-48c8 |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. CVE-2021-28505 has been fixed in the following releases: 4.26.4M and later releases in the 4.26.x train 4.27.1F and later releases in the 4.27.x train
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-28505.
The severity of CVE-2021-28505 is high with a CVSS score of 7.5.
Arista EOS platforms with versions between 4.26 and 4.26.4m, and between 4.27 and 4.27.1f are affected.
The impact of CVE-2021-28505 is that the VXLAN rule and subsequent ACL rules in the affected access list will ignore the specified IP protocol.
Yes, Arista has provided a fix for CVE-2021-28505. Please refer to the Arista Security Advisory for more information.