CVE-2021-28496
MEDIUM
Arista EOS 4.22-4.26.1 Authenticated Password Exposure via eAPI
Title source: llmDescription
On systems running Arista EOS and CloudEOS with an affected release, when shared secret profiles are used, the password configured for Bidirectional Forwarding Detection (BFD) is leaked when the configuration is displayed over eAPI or in other JSON outputs to other authenticated users on the device. The affected EOS versions are: all releases in the 4.22.x train; 4.23.9 and below in the 4.23.x train; 4.24.7 and below in the 4.24.x train; 4.25.4 and below in the 4.25.x train; and 4.26.1 and below in the 4.26.x train.
References (1)
Vendor Advisory (x_refsource_misc): https://www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069
Scores
CVSS v3
5.7
EPSS
0.0042
EPSS Percentile
33.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-522
CWE-311
Status
published
Products (1)
arista/eos
4.22 - 4.22.7m
Published
Oct 21, 2021
Tracked Since
Feb 18, 2026