
CVE-2021-28505 : What You Need to Know

Discover the impact of CVE-2021-28505 on Arista EOS platforms, with a CVSS base score of 7.5. Learn about the vulnerability, affected versions, and recommended mitigation steps.

This article provides insights into CVE-2021-28505, affecting Arista Networks' EOS platforms, highlighting the impact, technical details, and mitigation steps.

Understanding CVE-2021-28505

CVE-2021-28505 is a vulnerability in affected Arista EOS platforms involving VXLAN match rules in IPv4 access lists.

What is CVE-2021-28505?

On affected platforms, IPv4 ACL rules that match on the VXLAN IP protocol do not enforce that protocol match when the access list is applied to the ingress of L2 or L3 ports or SVIs, so traffic can bypass the specified protocol.

The Impact of CVE-2021-28505

With a CVSS base score of 7.5 (High severity), the vulnerability can be triggered without special privileges and affects the integrity of affected systems, potentially leading to unauthorized access.

Technical Details of CVE-2021-28505

The vulnerability stems from improper access control (CWE-284) and affects specific versions of Arista EOS, such as 4.26.3M and 4.27.0F.

Vulnerability Description

On affected platforms, VXLAN and ACL rules can ignore the specified IP protocol, so traffic the access list was meant to filter may not be matched as intended, leading to security lapses.

Affected Systems and Versions

Arista Networks' EOS versions 4.26.3M and 4.27.0F are impacted by this vulnerability.

Exploitation Mechanism

The vulnerability allows traffic to bypass the intended IP protocol match in VXLAN and ACL rules, which threat actors could use to get packets past the access list, posing a threat to system integrity.

Mitigation and Prevention

To address CVE-2021-28505, immediate steps and long-term security practices are recommended.

Immediate Steps to Take

As a workaround, replace the 'vxlan' IP protocol match in affected access lists with 'udp' and match the Layer 4 destination port used by VXLAN encapsulated packets.
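The workaround above, as an added audit script that is not from Arista or from this page: it scans an EOS-style IPv4 access list (a constructed sample) for rules that match on the 'vxlan' IP protocol keyword and emits the equivalent 'udp' rule pinned to the VXLAN destination port. The ACL line format and the use of UDP port 4789 (the IANA-assigned VXLAN port) are assumptions; check the rewritten lines against the Arista advisory and your platform's syntax.

```python
import re

# Assumption: VXLAN-encapsulated packets use the IANA-assigned UDP destination port.
VXLAN_UDP_PORT = 4789

# Constructed sample of an EOS-style IPv4 ACL using the 'vxlan' protocol keyword.
SAMPLE_ACL = """\
ip access-list VXLAN-FILTER
   10 permit vxlan any any
   20 permit vxlan host 10.0.0.1 any
   30 permit tcp any any eq 22
   40 deny ip any any
"""

# Matches "<seq> permit|deny vxlan <rest>", keeping indentation for the rewrite.
RULE_RE = re.compile(
    r"^(?P<indent>\s*)(?P<seq>\d+)\s+(?P<action>permit|deny)\s+vxlan\s+(?P<rest>.*?)\s*$",
    re.IGNORECASE,
)


def find_vxlan_rules(config):
    """Return (sequence number, rule text) for every rule matching the 'vxlan' protocol."""
    hits = []
    for line in config.splitlines():
        m = RULE_RE.match(line)
        if m:
            hits.append((int(m.group("seq")), line.strip()))
    return hits


def rewrite_vxlan_rule(line):
    """Rewrite one 'vxlan' rule as a 'udp' rule matching the VXLAN destination port."""
    m = RULE_RE.match(line)
    if not m:
        return line  # not an affected rule; leave untouched
    return f"{m['indent']}{m['seq']} {m['action']} udp {m['rest']} eq {VXLAN_UDP_PORT}"


def harden_acl(config):
    """Apply the workaround to every affected rule; other lines pass through unchanged."""
    return "\n".join(rewrite_vxlan_rule(line) for line in config.splitlines())


if __name__ == "__main__":
    for seq, rule in find_vxlan_rules(SAMPLE_ACL):
        print(f"affected rule {seq}: {rule}")
    print(harden_acl(SAMPLE_ACL))
```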

Long-Term Security Practices

Upgrade affected systems to the patched versions 4.26.4M or 4.27.1F and apply all available fixes listed by Arista Networks.

Patching and Updates

Arista Networks advises moving to the latest version of the affected EOS releases, 4.26.x and 4.27.x, to mitigate the vulnerability effectively.
