CVE-2021-28507

MEDIUM

Arista EOS 4.23.0-4.23.9m - Improper Access Control via OpenConfig gNOI and RESTCONF Service ACL Bypass


Description

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

Scores

CVSS v3: 5.5
EPSS: 0.0067
EPSS Percentile: 47.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Details

CWE: CWE-284
Status: published
Products (6):
arista/eos 4.21.0f
arista/eos 4.21.1f
arista/eos 4.21.3f
arista/eos 4.22.0f
arista/eos 4.22.1f
arista/eos 4.23.0 - 4.23.9m
Published: Jan 14, 2022
Tracked Since: Feb 18, 2026