Published on: 01/14/2022 12:00:00 AM UTC
Last Modified on: 01/14/2022 09:37:00 PM UTC
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.
- CVE-2021-28507 has been assigned by [email protected] to track the vulnerability
- On the affected versions, all vulnerabilities can be mitigated by disabling OpenConfig gNMI/gNOI and OpenConfig RESTCONF and TerminAttr. If use of these agents is required, a hotfix employing a proxy service can be deployed.
- To mitigate CVE-2021-28507 with the continued use of the affected agents, a hotfix employing a proxy service can be deployed. The proxy is configured behind the gNMI/gNOI or RESTCONF server. The hotfix can be downloaded at https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.i386.swix for 32 bit systems and https://www.arista.com/en/support/advisories-notices/sa-download/?sa=71-SecurityAdvisory0071Hotfix.x86_64.swix for 64 bit systems.
|Security Advisory 0071 - Arista|| www.arista.com |
Known Affected Software
|Arista Networks||EOS||<= 4.26.0|
|Arista Networks||EOS||<= 4.25.5|
|Arista Networks||EOS||<= 4.25.4|
|Arista Networks||EOS||<= 4.25.0|
|Arista Networks||EOS||<= 4.24.0|
|Arista Networks||EOS||<= 4.23.0|
|Arista Networks||EOS||= 4.22.x|
|Arista Networks||EOS||<= 4.21.x|
|@CVEreport||CVE-2021-28507 : An issue has recently been discovered in Arista EOS where, under certain conditions, the service A… twitter.com/i/web/status/1…||2022-01-14 19:46:11|