Versio.io

CVE-2021-28509

Common vulnerabilities & exposures (CVE)

Published at: 26-05-2022 10:15
Last modified: 09-06-2022 09:08
Total changes: 3

Description

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Base score: 6.1
Exploitability score: 0.9
Impact score: 5.2
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None
 

Verification logic

OR
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=ccs-722xpm-48y4 AND version=-
      vendor=arista AND product=ccs-722xpm-48zy8 AND version=-
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=dcs-7050cx3-32s-r AND version=-
      vendor=arista AND product=7050cx3-32s AND version=-
      vendor=arista AND product=7050cx3m-32s AND version=-
      vendor=arista AND product=7050sx3-96yc8 AND version=-
      vendor=arista AND product=7050sx3-48yc12 AND version=-
      vendor=arista AND product=7050sx3-48yc AND version=-
      vendor=arista AND product=7050sx3-48yc8 AND version=-
      vendor=arista AND product=7050sx3-48c8 AND version=-
      vendor=arista AND product=7050tx3-48c8 AND version=-
      vendor=arista AND product=dcs-7050cx3-32s AND version=-
      vendor=arista AND product=dcs-7050cx3m-32s AND version=-
      vendor=arista AND product=dcs-7050sx3-48c8 AND version=-
      vendor=arista AND product=dcs-7050sx3-48yc12 AND version=-
      vendor=arista AND product=dcs-7050sx3-48yc8 AND version=-
      vendor=arista AND product=dcs-7050sx3-96yc8 AND version=-
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=7280r2 AND version=-
      vendor=arista AND product=7280r3 AND version=-
      vendor=arista AND product=7280pr3-24 AND version=-
      vendor=arista AND product=7280pr3k-24 AND version=-
      vendor=arista AND product=7280dr3-24 AND version=-
      vendor=arista AND product=7280dr3k-24 AND version=-
      vendor=arista AND product=7280cr3-32p4 AND version=-
      vendor=arista AND product=7280cr3k-32p4 AND version=-
      vendor=arista AND product=7280cr3-32d4 AND version=-
      vendor=arista AND product=7280cr3k-32d4 AND version=-
      vendor=arista AND product=7280cr2k-60 AND version=-
      vendor=arista AND product=7280cr3-96 AND version=-
      vendor=arista AND product=7280cr3k-96 AND version=-
      vendor=arista AND product=7280cr2ak-30 AND version=-
      vendor=arista AND product=7280sr3-48yc8 AND version=-
      vendor=arista AND product=7280sr3k-48yc8 AND version=-
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=7500r2 AND version=-
      vendor=arista AND product=7500r3 AND version=-
      vendor=arista AND product=7500r3-24p AND version=-
      vendor=arista AND product=7500r3-24d AND version=-
      vendor=arista AND product=7500r3-36cq AND version=-
      vendor=arista AND product=7500r3k-36cq AND version=-
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=7800r3-36p AND version=-
      vendor=arista AND product=7800r3-48cq AND version=-
      vendor=arista AND product=7800r3k-48cq AND version=-
  AND
    OR
      vendor=arista AND product=terminattr AND versionStartIncluding=1.17.0 AND versionEndExcluding=1.19.2
      vendor=arista AND product=terminattr AND versionStartIncluding=1.11.0 AND versionEndExcluding=1.16.8
      vendor=arista AND product=terminattr AND versionEndExcluding=1.10.11
      vendor=arista AND product=eos AND versionStartIncluding=4.27 AND versionEndExcluding=4.27.4
      vendor=arista AND product=eos AND versionStartIncluding=4.26 AND versionEndExcluding=4.26.6
      vendor=arista AND product=eos AND versionStartIncluding=4.25 AND versionEndExcluding=4.25.8
      vendor=arista AND product=eos AND versionStartIncluding=4.24 AND versionEndExcluding=4.24.10
      vendor=arista AND product=eos AND versionEndIncluding=4.23.11 AND versionStartIncluding=4.23
    OR
      vendor=arista AND product=7388x5 AND version=-