First published: Fri Jan 14 2022
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
Credit: psirt@arista.com
Affected Software | Affected Version | How to fix |
---|---|---|
Arista EOS | >=4.23.0 <=4.23.9m | 4.23.10M or later in the 4.23.x train |
Arista EOS | >=4.24.0 <=4.24.7m | 4.24.8M or later in the 4.24.x train |
Arista EOS | >=4.25.0 <=4.25.3 | 4.25.6M or later in the 4.25.x train |
Arista EOS | >=4.25.4 <=4.25.4m | 4.25.4.1M or later in the 4.25.4.x train |
Arista EOS | >=4.25.5 <=4.25.5.1m | 4.25.6M or later in the 4.25.x train |
Arista EOS | >=4.26.0 <=4.26.2f | 4.26.3M or later in the 4.26.x train |
Arista EOS | =4.21.0f | |
Arista EOS | =4.21.1f | |
Arista EOS | =4.21.3f | |
Arista EOS | =4.22.0f | |
Arista EOS | =4.22.1f | |
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release. CVE-2021-28507 has been fixed in the following releases:

- 4.26.3M and later releases in the 4.26.x train
- 4.25.6M and later releases in the 4.25.x train
- 4.25.4.1M and later releases in the 4.25.4.x train
- 4.24.8M and later releases in the 4.24.x train
- 4.23.10M and later releases in the 4.23.x train
The vulnerability ID of this issue is CVE-2021-28507.
The title of this vulnerability is 'An issue has recently been discovered in Arista EOS where under certain conditions the service ACL c…'
The severity of CVE-2021-28507 is high with a CVSS score of 7.1.
The affected software is Arista EOS versions 4.23.0 to 4.23.9m, 4.24.0 to 4.24.7m, 4.25.0 to 4.25.3, 4.25.4, 4.25.5 to 4.25.5.1m, and 4.26.0 to 4.26.2f.
To fix CVE-2021-28507, update your Arista EOS software to a version that is not affected by the vulnerability.