CVE-2021-28503

HIGH

Arista EOS - Privilege Escalation

Title source: llm

Description

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.

References (1)

[Mitigation, Patch, Vendor Advisory] https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072

Scores

CVSS v3 7.4

EPSS 0.0040

EPSS Percentile 60.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-305 CWE-287

Status published

Products (1)

arista/eos 4.22 - 4.22.9m

Published Feb 04, 2022

Tracked Since Feb 18, 2026