CVE-2021-28495 : What You Need to Know

Discover the impact of CVE-2021-28495, a high-severity vulnerability in Arista's Metamako Operating System allowing user authentication bypass. Learn how to mitigate the risk and apply necessary patches.

Arista's Metamako Operating System (MOS) running on the 7130 Systems is susceptible to an improper authentication vulnerability that allows user authentication bypass when API access is enabled via JSON-RPC APIs. This CVE has a CVSS base score of 7.2, indicating a high severity level.

Understanding CVE-2021-28495

This section delves into the details of the CVE-2021-28495 vulnerability.

What is CVE-2021-28495?

The CVE-2021-28495 vulnerability in Arista's MOS software allows attackers to bypass user authentication under certain conditions when API access is enabled through JSON-RPC APIs.

The Impact of CVE-2021-28495

With a CVSS base score of 7.2, this vulnerability is rated high severity: it lets unauthorized users bypass authentication and potentially gain access to systems running the affected software.

Technical Details of CVE-2021-28495

Let's explore the technical aspects of CVE-2021-28495.

Vulnerability Description

The vulnerability stems from improper authentication mechanisms in Arista's Metamako Operating System, specifically affecting versions MOS-0.13, MOS-0.26.7, and MOS-0.32.0.

Affected Systems and Versions

Arista's MOS versions ranging from MOS-0.13 to MOS-0.32.0 are impacted, with the vulnerability manifesting in the 7130 Systems running MOS.

Exploitation Mechanism

When API access is enabled, attackers can use the JSON-RPC APIs to bypass user authentication and gain unauthorized system access.

Mitigation and Prevention

Here's what you need to do to mitigate the risks associated with CVE-2021-28495.

Immediate Steps to Take

        Upgrade to MOS-0.26.7 or MOS-0.32.0 to address the vulnerability.
        Follow the provided link to install the hotfix for further protection.

Long-Term Security Practices

Apply MOS software updates and patches regularly to reduce exposure to known vulnerabilities.

Patching and Updates

Stay informed about security advisories from Arista and apply patches promptly to safeguard your systems.
