QID 43896
Date Published: 2021-11-15
QID 43896: Arista EOS Missing Encryption of Sensitive Data Vulnerability (SA0069)
Arista EOS is the World's Most Advanced Network Operating System.
Arista EOS is a fully programmable and highly modular, Linux-based network operating system that uses a familiar industry-standard CLI and runs a single binary software image across the Arista switching family.
Affected EOS versions:
All releases in 4.22.x train
4.23.9 and below releases in the 4.23.x train
4.24.7 and below releases in the 4.24.x train
4.25.4 and below releases in the 4.25.x train
4.26.1 and below releases in the 4.26.x train
QID Detection Logic (Authenticated):
The check matches the Arista EOS version, retrieved via Unix Auth using the "show version" command, against the affected versions listed above.
The consequence of this vulnerability is that, when shared-secret profiles are in use, the password configured for Bidirectional Forwarding Detection (BFD) is leaked in output displayed over eAPI or other JSON outputs to authenticated users on the device.
The following configuration changes may be used as an immediate mitigation to prevent exploitation temporarily. Please upgrade to the fixed version or install the hotfix swix as the proper final resolution.
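The affected-version list and the detection logic above amount to a version-range match on the "show version" output. The following is an added example, not Qualys or Arista code: it parses the "Software image version" line from constructed sample output and checks it against the SA0069 ranges, returning False for any train the advisory does not name.

```python
import re

# Affected trains from SA0069: (major, minor) -> highest affected patch level.
# None means every release in that train is affected.
AFFECTED_TRAINS = {
    (4, 22): None,
    (4, 23): 9,
    (4, 24): 7,
    (4, 25): 4,
    (4, 26): 1,
}

# EOS prints e.g. "Software image version: 4.25.4M"; the trailing letter is ignored here.
_VERSION_RE = re.compile(r"^Software image version:\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_eos_version(show_version_output: str):
    """Return (major, minor, patch) parsed from 'show version' text, or None if absent."""
    m = _VERSION_RE.search(show_version_output)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected_sa0069(version) -> bool:
    """True if the EOS version falls inside one of the SA0069 affected ranges."""
    major, minor, patch = version
    ceiling = AFFECTED_TRAINS.get((major, minor), "unlisted")
    if ceiling == "unlisted":
        return False  # train not named in the advisory: not matched by this check
    return ceiling is None or patch <= ceiling


def check_show_version(show_version_output: str) -> bool:
    """Combine parsing and range matching; raise if the version line is missing."""
    version = parse_eos_version(show_version_output)
    if version is None:
        raise ValueError("no 'Software image version' line found in output")
    return is_affected_sa0069(version)


# Constructed sample resembling 'show version' output (not captured from a real device).
SAMPLE_SHOW_VERSION = """\
Arista DCS-EXAMPLE-MODEL
Hardware version: 11.00
Software image version: 4.25.4M
Architecture: i686
"""

if __name__ == "__main__":
    print("affected by SA0069:", check_show_version(SAMPLE_SHOW_VERSION))
```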
1. Create a new role with restricted access to the CLI show command and make sure the rule has been successfully configured.
2. Enable role-based access control.
3. Assign the role to a username.
4. Logging in with the assigned username (here 'adminUser') should now be denied access to the shared-secret profile CLI show command.
Reference: Arista Security Advisory 0069
www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069
CVEs related to QID 43896
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| SA0069 | Arista EOS | | www.arista.com/en/support/advisories-notices/security-advisories/13243-security-advisory-0069 |