CVE-2021-28507 Information

Description

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in denied requests being forwarded to the agent.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Reference

https://www.arista.com/en/support/advisories-notices/security-advisories/13449-security-advisory-0071

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

7.1

Base Severity

HIGH
