CVE-2021-28507
MEDIUM
Arista EOS 4.23.0-4.23.9m - Improper Access Control via OpenConfig gNOI and RESTCONF Service ACL Bypass
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
References (1)
Exploit, Mitigation, Patch, Vendor Advisory x_refsource_misc
https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071
Scores
CVSS v3
5.5
EPSS
0.0067
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (6)
arista/eos 4.21.0f
arista/eos 4.21.1f
arista/eos 4.21.3f
arista/eos 4.22.0f
arista/eos 4.22.1f
arista/eos 4.23.0 - 4.23.9m
Published
Jan 14, 2022
Tracked Since
Feb 18, 2026