All the vulnerabilites related to arista - 7130
cve-2021-28498
Vulnerability from cvelistv5
Published
2021-09-09 12:38
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.13 < MOS-0.13* Version: MOS-0.26.7 < MOS-0.26.7 Version: MOS-0.32.0 < MOS-0.32.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.13*",
"status": "affected",
"version": "MOS-0.13",
"versionType": "custom"
},
{
"lessThan": "MOS-0.26.7",
"status": "affected",
"version": "MOS-0.26.7",
"versionType": "custom"
},
{
"lessThan": "MOS-0.32.0",
"status": "affected",
"version": "MOS-0.32.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255 Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:38:21",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003e=",
"version_name": "MOS-0.13",
"version_value": "MOS-0.13"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.26.7",
"version_value": "MOS-0.26.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.32.0",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28498",
"datePublished": "2021-09-09T12:38:21",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24510
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 17:46
Severity ?
EPSS score ?
Summary
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista Networks | Arista EOS |
Version: 4.25.0F < Version: 4.26.0F < Version: 4.27.0F < Version: 4.28.0F < Version: 4.29.0F < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:46:21.374238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:46:55.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Arista EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.25.10M",
"status": "affected",
"version": "4.25.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.26.9M",
"status": "affected",
"version": "4.26.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.27.9M",
"status": "affected",
"version": "4.27.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.28.6.1M",
"status": "affected",
"version": "4.28.0F",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.1F",
"status": "affected",
"version": "4.29.0F",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "In order to be vulnerable to CVE-2023-24510, the following condition must be met:\nAt least two \u201cip helper-address\u201d commands for the DHCP server are configured on the same interface.\n \u2013 Scenario One: One command uses \u201csource-interface\u201d, with or without being in a VRF. The second command does not use a source-interface and does not use a VRF.\n \u2013 Scenario Two: One command is run inside of a VRF. The second command does not use a source-interface and does not use a VRF."
}
],
"datePublic": "2023-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T00:00:00",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
}
],
"solutions": [
{
"lang": "en",
"value": "CVE-2023-24510 has been fixed in the following releases:\n - 4.29.2F and later releases in the 4.29.x train\n - 4.28.7M and later releases in the 4.28.x train\n - 4.27.10M and later releases in the 4.27.x train\n - 4.26.10M and later releases in the 4.26.x train"
}
],
"source": {
"advisory": "Security Advisory 0087",
"defect": [
"BUG753188"
],
"discovery": "INTERNAL"
},
"title": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.",
"workarounds": [
{
"lang": "en",
"value": "The hotfix https://www.arista.com/support/advisories-notices/sa-download?sa=87-SecurityAdvisory87_Hotfix.swix can be used to remediate CVE-2023-24510. The hotfix only applies to the releases listed below and no other releases:\n - 4.29.1F and below releases in the 4.29.x train\n - 4.28.6.1M and below releases in the 4.28.x train\n - 4.27.9M and below releases in the 4.27.x train\n - 4.26.9M and below releases in the 4.26.x train\n - 4.25.10M and below releases in the 4.25.x train"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24510",
"datePublished": "2023-06-05T00:00:00",
"dateReserved": "2023-01-24T00:00:00",
"dateUpdated": "2025-01-08T17:46:55.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28495
Vulnerability from cvelistv5
Published
2021-09-09 12:43
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.13 < MOS-0.13* Version: MOS-0.26.7 < MOS-0.26.7 Version: MOS-0.32.0 < MOS-0.32.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.13*",
"status": "affected",
"version": "MOS-0.13",
"versionType": "custom"
},
{
"lessThan": "MOS-0.26.7",
"status": "affected",
"version": "MOS-0.26.7",
"versionType": "custom"
},
{
"lessThan": "MOS-0.32.0",
"status": "affected",
"version": "MOS-0.32.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:43:57",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003e=",
"version_name": "MOS-0.13",
"version_value": "MOS-0.13"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.26.7",
"version_value": "MOS-0.26.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.32.0",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28495",
"datePublished": "2021-09-09T12:43:57",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28494
Vulnerability from cvelistv5
Published
2021-09-09 12:46
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.35.0 < MOS-0.35.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:31.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.35.0",
"status": "affected",
"version": "MOS-0.35.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:46:58",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.35.0\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.35.0",
"version_value": "MOS-0.35.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.35.0\n"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28494",
"datePublished": "2021-09-09T12:46:58",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:31.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-24547
Vulnerability from cvelistv5
Published
2023-12-05 23:29
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista Networks | MOS |
Version: 0.13.0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "0.39.4",
"status": "affected",
"version": "0.13.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2023-24547 the following condition must be met:\u003c/p\u003e\u003cp\u003eA BGP password must be configured and be in plain text. An example of this is shown below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show running-config bgp\nrouter bgp 65000\n\u0026nbsp; \u0026nbsp;neighbor 192.0.2.1 remote-as 66000\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eneighbor 192.0.2.1 password pA$$w0rd\u003c/span\u003e\n\u003c/pre\u003e\u003cp\u003eIf a BGP password is not configured there is no exposure to this issue.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2023-24547 the following condition must be met:\n\nA BGP password must be configured and be in plain text. An example of this is shown below:\n\nswitch\u003eshow running-config bgp\nrouter bgp 65000\n\u00a0 \u00a0neighbor 192.0.2.1 remote-as 66000\n\u00a0 \u00a0neighbor 192.0.2.1 password pA$$w0rd\n\n\nIf a BGP password is not configured there is no exposure to this issue.\n\n\n"
}
],
"datePublic": "2023-12-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device\u2019s running config. \u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device\u2019s running config. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cwe-212",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T23:29:01.375Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://mako.arista.com/dyn/softwareportal/artefact/3688/mos-0.39.1-userguide.pdf\"\u003eMOS User Guide: Updating\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-24547 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMOS-0.36.10 and later releases in the MOS-0.36.x train\u003c/li\u003e\u003cli\u003eMOS-0.39.4 and later releases in the MOS-0.39.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBecause this issue would cause the password to be saved in logs and remote AAA servers it is recommended to also rotate the BGP password, if possible. Upon upgrading to a new release, the BGP password will be obfuscated with the type-7 algorithm as shown below:\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show running-config bgp\nrouter bgp 65000\n\u0026nbsp; \u0026nbsp;neighbor 192.0.2.1 remote-as 66000\n\u0026nbsp; \u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eneighbor 192.0.2.1 password key 7 00143242404C5B140B\u003c/span\u003e\n\u003c/pre\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see the MOS User Guide: Updating https://mako.arista.com/dyn/softwareportal/artefact/3688/mos-0.39.1-userguide.pdf \n\nCVE-2023-24547 has been fixed in the following releases:\n\n * MOS-0.36.10 and later releases in the MOS-0.36.x train\n * MOS-0.39.4 and later releases in the MOS-0.39.x train\n\n\nBecause this issue would cause the password to be saved in logs and remote AAA servers it is recommended to also rotate the BGP password, if possible. Upon upgrading to a new release, the BGP password will be obfuscated with the type-7 algorithm as shown below:\n\nswitch\u003eshow running-config bgp\nrouter bgp 65000\n\u00a0 \u00a0neighbor 192.0.2.1 remote-as 66000\n\u00a0 \u00a0neighbor 192.0.2.1 password key 7 00143242404C5B140B\n\n\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-24547. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003eMOS-0.39.3 and below releases in the MOS-0.39.x train\u003c/li\u003e\u003cli\u003eMOS-0.38.1 and below releases in the MOS-0.38.x train\u003c/li\u003e\u003cli\u003eMOS-0.37.1 and below releases in the MOS-0.37.x train\u003c/li\u003e\u003cli\u003eMOS-0.36.9 and below releases in the MOS-0.36.x train\u003c/li\u003e\u003cli\u003eMOS-0.35.3 and below releases in the MOS-0.35.x train\u003c/li\u003e\u003cli\u003eMOS-0.34.0 in the MOS-0.34.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003ePlease note that the only MOS release trains currently under maintenance support are MOS-0.39.x and MOS-0.36.x. The hotfix working for other releases should not be treated as evidence that these releases continue to be supported. For security it is important to ensure supported releases are used.\u003c/p\u003e\u003cpre\u003eVersion: 1.0\nURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://artifacts.metamako.com/artifactory/releases/hotfix/4.0.0/hotfix-cve-2023-24547-4.0.0-1.14.core2_64.rpm\"\u003ehotfix-cve-2023-24547-4.0.0-1.14.core2_64.rpm\u003c/a\u003e\nSWIX hash:(SHA512)\n168b2ee3deb8d4a3151b9c24936ff9d6523557b366ceffc98e57e8bf80638997\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "HotfixThe following hotfix can be applied to remediate CVE-2023-24547. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * MOS-0.39.3 and below releases in the MOS-0.39.x train\n * MOS-0.38.1 and below releases in the MOS-0.38.x train\n * MOS-0.37.1 and below releases in the MOS-0.37.x train\n * MOS-0.36.9 and below releases in the MOS-0.36.x train\n * MOS-0.35.3 and below releases in the MOS-0.35.x train\n * MOS-0.34.0 in the MOS-0.34.x train\n\n\nPlease note that the only MOS release trains currently under maintenance support are MOS-0.39.x and MOS-0.36.x. The hotfix working for other releases should not be treated as evidence that these releases continue to be supported. For security it is important to ensure supported releases are used.\n\nVersion: 1.0\nURL: hotfix-cve-2023-24547-4.0.0-1.14.core2_64.rpm https://artifacts.metamako.com/artifactory/releases/hotfix/4.0.0/hotfix-cve-2023-24547-4.0.0-1.14.core2_64.rpm \nSWIX hash:(SHA512)\n168b2ee3deb8d4a3151b9c24936ff9d6523557b366ceffc98e57e8bf80638997\n\n\n\u00a0\n\n\n"
}
],
"source": {
"advisory": "90",
"defect": [
"BUG868319",
"BUG873034",
"MOS-2222",
"MOS-2255."
],
"discovery": "INTERNAL"
},
"title": "On Arista MOS configuration of a BGP password will cause the password to be logged in clear text.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo mitigation exists.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "No mitigation exists.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2023-24547",
"datePublished": "2023-12-05T23:29:01.375Z",
"dateReserved": "2023-01-26T11:37:43.827Z",
"dateUpdated": "2024-08-02T11:03:18.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28499
Vulnerability from cvelistv5
Published
2021-09-09 12:38
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.18 < MOS-0.18* Version: MOS-0.32.0 < MOS-0.32.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.18*",
"status": "affected",
"version": "MOS-0.18",
"versionType": "custom"
},
{
"lessThan": "MOS-0.32.0",
"status": "affected",
"version": "MOS-0.32.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-255",
"description": "CWE-255 Credentials Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:38:50",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003e=",
"version_name": "MOS-0.18",
"version_value": "MOS-0.18"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.32.0",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28499",
"datePublished": "2021-09-09T12:38:50",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28493
Vulnerability from cvelistv5
Published
2021-09-09 12:45
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.33.0 < MOS-0.33.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:31.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.33.0",
"status": "affected",
"version": "MOS-0.33.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:45:32",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.33.0\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.33.0",
"version_value": "MOS-0.33.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.33.0\n"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28493",
"datePublished": "2021-09-09T12:45:32",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:31.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28497
Vulnerability from cvelistv5
Published
2021-09-09 12:41
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Arista | Metamako Operating System |
Version: MOS-0.26.7 < MOS-0.16.7 Version: MOS-0.32.0 < MOS-0.32.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Arista 7130 Systems running MOS"
],
"product": "Metamako Operating System",
"vendor": "Arista",
"versions": [
{
"lessThan": "MOS-0.16.7",
"status": "affected",
"version": "MOS-0.26.7",
"versionType": "custom"
},
{
"lessThan": "MOS-0.32.0",
"status": "affected",
"version": "MOS-0.32.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-09T12:41:37",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2021-28497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.26.7",
"version_value": "MOS-0.16.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_affected": "\u003c",
"version_name": "MOS-0.32.0",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "en",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2021-28497",
"datePublished": "2021-09-09T12:41:37",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BE6E4B1-F1AD-4187-B235-838C04F715FD",
"versionEndIncluding": "0.18.0",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E289CB70-0C19-4CC6-A6E0-202A207A22A2",
"versionEndExcluding": "0.32.0",
"versionStartIncluding": "0.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
},
{
"lang": "es",
"value": "En el software MOS (Metamako Operating System) de Arista, que es compatible con la l\u00ednea de productos 7130, las contrase\u00f1as de las cuentas de usuario ajustadas en texto sin cifrar podr\u00edan filtrarse a usuarios sin contrase\u00f1a. Este problema afecta: Sistema Operativo Metamako de Arista MOS-0.18 y versiones posteriores MOS-0.1x train Todas las versiones en MOS-0.2x train MOS-0.31.1 y versiones anteriores en MOS-0.3x train"
}
],
"id": "CVE-2021-28499",
"lastModified": "2024-11-21T05:59:47.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 3.7,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:09.620",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-06 00:15
Modified
2024-11-21 07:48
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | mos | * | |
| arista | 7130 | - | |
| arista | 7130-16g3s | - | |
| arista | 7130-48g3s | - | |
| arista | 7130-96s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "924F1DE2-DEEB-4CC8-97CA-8D9B5E53F4BF",
"versionEndIncluding": "0.39.4",
"versionStartIncluding": "0.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFA321D-F4A5-434C-BB39-D2B2687001D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3264E086-4E90-41D0-8583-8FCF3CE4885D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device\u2019s running config. \n"
},
{
"lang": "es",
"value": "En las plataformas afectadas que ejecutan Arista MOS, la configuraci\u00f3n de una contrase\u00f1a BGP har\u00e1 que la contrase\u00f1a se registre en texto plano que los usuarios autenticados pueden revelar en registros locales o servidores de registro remotos, adem\u00e1s de aparecer en texto plano en la configuraci\u00f3n en ejecuci\u00f3n del dispositivo."
}
],
"id": "CVE-2023-24547",
"lastModified": "2024-11-21T07:48:05.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-06T00:15:07.030",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
8.7 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B89974C-FC70-4BA1-B700-2F0E1A448939",
"versionEndIncluding": "0.13.0",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27248149-FE2F-4775-9DA8-4841C25B1864",
"versionEndExcluding": "0.26.7",
"versionStartIncluding": "0.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C66AFCAE-47B5-47D5-96AF-C0986611A4C0",
"versionEndExcluding": "0.32.0",
"versionStartIncluding": "0.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
},
{
"lang": "es",
"value": "En el software MOS (Metamako Operating System) de Arista, compatible con la l\u00ednea de productos 7130, las contrase\u00f1as de habilitaci\u00f3n de usuarios ajustadas en texto sin cifrar podr\u00edan resultar en que usuarios no privilegiados obtuvieran acceso completo a los sistemas. Este problema afecta a: Sistema Operativo Arista Metamako MOS-0.13 y versiones posteriores en MOS-0.1x train MOS-0.26.6 y versiones anteriores en MOS-0.2x train MOS-0.31.1 y versiones anteriores en MOS-0.3x train"
}
],
"id": "CVE-2021-28498",
"lastModified": "2024-11-21T05:59:47.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:09.433",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B89974C-FC70-4BA1-B700-2F0E1A448939",
"versionEndIncluding": "0.13.0",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A83336C6-BEDD-4A4B-8A4D-D230274BC9BC",
"versionEndIncluding": "0.26.7",
"versionStartIncluding": "0.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679CE6C2-27E1-4C2C-BF0C-51B158870F6B",
"versionEndExcluding": "0.32.0",
"versionStartIncluding": "0.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
},
{
"lang": "es",
"value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, la autenticaci\u00f3n del usuario puede omitirse cuando se habilita el acceso a la API por medio de las API JSON-RPC. Este problema afecta a: Sistema Operativo Arista Metamako Todas las versiones MOS-0.1x train MOS-0.13 y posteriores en MOS-0.1x train MOS-0.26.6 y posteriores en MOS-0.2x train MOS-0.31.1 y posteriores en MOS-0.3x train"
}
],
"id": "CVE-2021-28495",
"lastModified": "2024-11-21T05:59:46.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:09.103",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB89E3B-DBD9-433C-BF75-DF055380A9F6",
"versionEndIncluding": "0.26.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C66AFCAE-47B5-47D5-96AF-C0986611A4C0",
"versionEndExcluding": "0.32.0",
"versionStartIncluding": "0.31.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
},
{
"lang": "es",
"value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, el shell bash podr\u00eda ser accesible a usuarios no privilegiados en situaciones en las que no deber\u00edan tener acceso. Este problema afecta a: Sistema Operativo Metamako de Arista Todas las versiones MOS-0.1x train MOS-0.26.6 y versiones inferiores en MOS-0.2x train MOS-0.31.1 y versiones inferiores en MOS-0.3x train"
}
],
"id": "CVE-2021-28497",
"lastModified": "2024-11-21T05:59:47.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:09.210",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-05 22:15
Modified
2024-11-21 07:48
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EBD228-42BD-48F2-A9FA-C7F007A401A3",
"versionEndIncluding": "4.25.10m",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "341CA00E-8BDE-4BF9-90D4-7B07FC484D18",
"versionEndExcluding": "4.26.10m",
"versionStartIncluding": "4.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65C3AA23-CE24-48EE-B471-A03F451C6F35",
"versionEndExcluding": "4.27.10m",
"versionStartIncluding": "4.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "255A4F4F-1563-4557-BCBB-3BB1309A8889",
"versionEndExcluding": "4.28.7m",
"versionStartIncluding": "4.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24621B26-04A1-4693-BCB4-437544C08B50",
"versionEndExcluding": "4.29.2f",
"versionStartIncluding": "4.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista:ceos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6833D11-7AB5-41CC-83AE-FE28913DDFB8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arista:cloudeos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "362F2E0F-3D40-444F-87F3-21CA70B1AD04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:arista:veos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D0B16F-F18E-48F9-87A5-AE0D9E5C3FAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7010t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC3D5B4-3B6F-4F15-9CAA-B0D08B53FFC6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7010t-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCF6152-815E-4B3C-AE4B-CA598BEBD020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7010tx-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E00C871-8EB3-4241-95F3-83A524A79FB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7010tx-48-dc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC52FD-29BE-4037-9A7C-264ACF9F6C0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7020r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3371EEF-9D7A-4EF6-A435-A0F1034E5EE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7020sr-24c2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7781CB15-3452-47D9-A961-8B09F2E9AEC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7020sr-32c2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09A31FB8-512E-43EF-8F87-E02E35F5251E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7020tr-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBFF922-28D7-42D6-8796-91AD9A178D28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7020tra-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561B4042-DFD3-4BC0-9C5F-74799A7E92C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828C6E4F-814A-4060-8F5E-7FF359C8739C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050qx-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "253D74DE-97F5-40F3-B179-D2D4442C57FD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050qx2-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75E03F9E-522F-4D9B-9267-09E2550B5465",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx-128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "895A7AFD-BE76-47F5-B67B-6279046E4274",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74E258EC-EA50-4185-AA35-5D963C359E74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1482D4FC-60B9-4C89-B892-71AA3E1031F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx2-128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C99D84E9-2229-459E-AE90-49C2EF670884",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx2-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D922C725-1139-4DD4-92FC-9FF15E35CE62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050tx-48:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78E7CDCC-ADC6-4854-BFC4-72DA47C5F10B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050tx-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B03678D-AD7B-4B1A-8E6A-1811DD8B1483",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050tx-72q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E803639C-13A1-48CA-A589-C83654AE454F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050tx2-128:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A495D282-D3DC-4D18-AB72-2358834C238E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7060cx-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D518C8D5-A86B-46E5-A646-8939BFA2E116",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7060cx2-32s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1608297-7079-4F3B-857E-708B74E944D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7060dx4-32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "806A01C5-231D-4F9D-A292-E9DD706A0C66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7060px4-32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10746F-8FC0-49EF-BB9C-EC49B734DFA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7060sx2-48yc6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26582E98-B710-46D7-B8F2-9286E0592FA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFFA321D-F4A5-434C-BB39-D2B2687001D6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3264E086-4E90-41D0-8583-8FCF3CE4885D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7150s-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93D74C0B-E470-4D45-98E2-775DE43997DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7150s-52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2CAA23-003C-43E6-87CE-61E4369C2D30",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7150s-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7445075-D130-472C-B259-6BACE678541D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7150sc-24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3FA52A-3A67-4515-9790-598860102893",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7150sc-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6336F166-FAD3-4846-84B9-45F5FAA3D437",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7160-32cq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7620401C-FB14-46F1-979B-B21194F90945",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7160-48tc6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DFC236-44B3-4EEF-8937-4F86EE99EB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7160-48yc6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "823E5569-C918-40E6-A2C5-7C415E4ADEF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7170-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8EFEEA5-0FC4-4FFC-BF5D-BDBAA1B55C70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7170-32cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2959C68-8731-4F37-B9E7-61E5936D3D8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7170-64c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6FB3395-8D13-4477-A46E-37A88272CFAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7170b-64c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EE3572E-A724-4057-8776-7A95528DCEE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720df-48y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FCDB83-38D5-4F02-97E2-BBEF891DCDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720dp-24s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80EAF795-EB62-4A86-A0FC-A09008E631A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720dp-48s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA03BA0B-BB2D-41CF-BA2E-B21604D6FBC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720dt-24s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE185FD-0D4D-4862-B513-BC68BF3F9F7E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720dt-48s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46C2150F-2FD6-452F-8C56-7413E3EB8FDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720dt-48y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44A568A1-BA88-458E-B69A-0A2A6C594728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58757129-BF9C-4BD8-B692-BB57023F8A48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2756BB4B-1053-4EAC-AC0B-785FD5039D5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40D36540-7723-4284-A207-6BD27728CA25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF95CB28-E010-4A1D-A746-F9DDF015868F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:722xpm-48y4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15876058-5E5D-4C87-83A3-592ADCA0AA6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:722xpm-48zy8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "426308A9-D534-4465-865C-39BC70548B00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7250qx-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD95B3B-D655-42DC-85C2-2C6FDBCC77F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260cx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E40D14DE-BAFB-461F-9AA7-E3EDC2D8D468",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260cx3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "901E5B76-0EB7-4EAD-A281-15B9F78041AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260cx3-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49BAE58E-F4B5-4C8F-9EEB-5A0F38A96F0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260qx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1DE992-9BFA-4794-82F4-66F464BB384E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260qx-64:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83A3811A-EB0E-464B-86E7-0E369935A507",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7260sx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58296832-AA93-4EAE-96BD-28EC368F8391",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7280e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6466FE3-DCE8-4DA5-B893-2BA864F73BC5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7280r2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21CB1AAF-FC82-4A80-9932-42E8EFA3906A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60FC964C-9835-443A-A584-3A5D6022E914",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7300x-32q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF8A65D-6FBC-4C38-8B45-418E6C5EB16C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7300x-64s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F088D51-24F4-49AD-8397-73D1EAF45F56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7300x-64t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69BA5C6D-40C0-4AA3-AC10-D7F097D8EDD9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0040BDDF-D711-4619-9E96-96EFBD33CAA0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA716D-CAD1-4689-8A26-977A2E5F869E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7320x-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD08CBF-6F42-4F98-B413-F65C5613BE6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7358x4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC38094-A539-425D-A2B6-770FAF0FC3C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7368x4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161DB0D9-9BAC-4546-88D3-5547F4B6149C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7388x5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66E706E-56FB-4A49-BD90-76A8CB6BE391",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD5D5BB-96D6-43F5-A394-829E7866AF3B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06C61DCC-D1CF-4CE5-9634-4BE3E071E83E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC651584-113E-4859-9F14-12D62F3BD626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "583725F6-8583-425C-A847-700DBB9169E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6A4B3C-FF12-4DCD-9945-8450AD0BDEED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BB565-2668-4242-8A00-5CC9C30B9AC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15F1A605-8836-4A64-AC5E-ADAB34F8F104",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8A047A-9FD9-4AE1-9E47-457A46BAE3A4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019B0670-389B-4A4E-8C72-52202E3AA8EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D19E86BF-AA91-4262-8EF9-B7FC48C6F3F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58443CDE-33D8-4460-A861-CDC07431AA22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64BE8C68-FE98-4162-A3D3-54494D5444F5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart."
}
],
"id": "CVE-2023-24510",
"lastModified": "2024-11-21T07:48:01.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T22:15:11.717",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17445-security-advisory-0087"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB3E3E1-1FA3-47DD-90BE-F84DB4A76D8D",
"versionEndIncluding": "0.32.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases"
},
{
"lang": "es",
"value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, un usuario puede ejecutar comandos a pesar de no tener los privilegios para hacerlo. Este problema afecta: Sistema Operativo Arista Metamako Todas las versiones MOS-0.1x train MOS-0.32.0 y anteriores"
}
],
"id": "CVE-2021-28493",
"lastModified": "2024-11-21T05:59:46.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:08.630",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-09 13:15
Modified
2024-11-21 05:59
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@arista.com | https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arista | metamako_operating_system | * | |
| arista | 7130 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C11D2B4-0389-4B23-B22A-1B0CB1B2299A",
"versionEndIncluding": "0.34.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arista\u0027s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases"
},
{
"lang": "es",
"value": "En el software MOS (Sistema Operativo Metamako) de Arista, compatible con la l\u00ednea de productos 7130, en determinadas condiciones, la autenticaci\u00f3n es omitida por usuarios no privilegiados que acceden a la Interfaz de Usuario web. Este problema afecta a: Sistema Operativo Arista Metamako versi\u00f3n MOS-0.34.0 y versiones anteriores"
}
],
"id": "CVE-2021-28494",
"lastModified": "2024-11-21T05:59:46.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-09T13:15:09.013",
"references": [
{
"source": "psirt@arista.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
}
],
"sourceIdentifier": "psirt@arista.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "psirt@arista.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}