CVE-2021-28501
Description
An issue has recently been discovered in Arista EOS where the incorrect use of EOSs AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.291
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improper Authorization Vulnerability (CVE-2021-28501) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234