Latest CVE Feed
-
6.1
MEDIUMCVE-2021-28509
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MAC... Read more
Affected Products : eos terminattr dcs-7050cx3-32s-r 7280r2 7280r3 7500r2 7500r3 7050cx3-32s 7050cx3m-32s 7050sx3-48c8 +35 more products- EPSS Score: %0.14
- Published: May. 26, 2022
- Modified: Nov. 21, 2024
-
6.8
MEDIUMCVE-2021-28508
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPs... Read more
Affected Products : eos terminattr dcs-7050cx3-32s-r 7280r2 7280r3 7500r2 7500r3 7050cx3-32s 7050cx3m-32s 7050sx3-48c8 +35 more products- EPSS Score: %0.15
- Published: May. 26, 2022
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2021-28507
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.... Read more
Affected Products : eos- EPSS Score: %0.14
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
9.4
HIGHCVE-2021-28506
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device.... Read more
Affected Products : eos- EPSS Score: %0.28
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28505
On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol.... Read more
Affected Products : eos ccs-710p-12 ccs-710p-16p ccs-720xp-24y6 ccs-720xp-24zy4 ccs-720xp-48y6 ccs-720xp-48zc2 ccs-720xp-96zc2 ccs-722xpm-48y4 ccs-722xpm-48zy8 +8 more products- EPSS Score: %0.20
- Published: Apr. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-28504
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field ... Read more
Affected Products : eos ccs-710p-12 ccs-710p-16p ccs-720xp-24y6 ccs-720xp-24zy4 ccs-720xp-48y6 ccs-720xp-48zc2 ccs-720xp-96zc2 ccs-722xpm-48y4 ccs-722xpm-48zy8 +8 more products- EPSS Score: %0.18
- Published: Apr. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28503
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.... Read more
Affected Products : eos- EPSS Score: %0.44
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-28501
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.... Read more
Affected Products : terminattr- EPSS Score: %0.14
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-28500
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.... Read more
Affected Products : eos- EPSS Score: %0.31
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
6.3
MEDIUMCVE-2021-28499
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post rel... Read more
- EPSS Score: %0.04
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
8.7
HIGHCVE-2021-28498
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operat... Read more
- EPSS Score: %0.09
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-28497
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arist... Read more
- EPSS Score: %0.05
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28496
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outpu... Read more
Affected Products : eos- EPSS Score: %0.09
- Published: Oct. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28495
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating... Read more
- EPSS Score: %0.39
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-28494
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System... Read more
- EPSS Score: %0.29
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
8.4
HIGHCVE-2021-28493
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating Sy... Read more
- EPSS Score: %0.04
- Published: Sep. 09, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-28492
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores passwords in a recoverable format.... Read more
Affected Products : stealth- EPSS Score: %0.26
- Published: Apr. 20, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-28490
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.... Read more
Affected Products : csrfguard- EPSS Score: %0.15
- Published: Aug. 19, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-28488
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve manage... Read more
Affected Products : network_manager- EPSS Score: %0.63
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-28485
In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not inten... Read more
Affected Products : mobile_switching_center_server_bc_18a_firmware mobile_switching_center_server_bc_18a- EPSS Score: %0.36
- Published: Sep. 14, 2023
- Modified: Nov. 21, 2024