CVE-2021-28506 is a critical vulnerability in Arista EOS in which certain gNOI APIs skip authentication and authorization, so a caller that can reach the device's gNOI endpoint over the network can trigger a factory reset without credentials. This page summarizes the affected EOS versions, the impact, and the remediated releases.
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication, potentially allowing a factory reset of the device.
Understanding CVE-2021-28506
This section delves into the impact, technical details, and mitigation strategies related to CVE-2021-28506.
What is CVE-2021-28506?
CVE-2021-28506 is a vulnerability in Arista EOS in which certain gNOI (gRPC Network Operations Interface) APIs skip the authentication and authorization checks that gate other management operations. A remote caller without valid credentials can therefore invoke operations that should be restricted to authorized administrators, including a factory reset of the device.
The Impact of CVE-2021-28506
The vulnerability carries a CVSS base score of 9.1, which falls in the Critical severity range (9.0 and above). A successful exploit threatens both integrity and availability: a factory reset returns the device to its default state, discarding its configuration and taking it out of service until it is reconfigured.
Technical Details of CVE-2021-28506
This section outlines the vulnerability description, the affected systems and versions, and the exploitation mechanism.
Vulnerability Description
Certain gNOI APIs in Arista EOS do not apply the authentication and authorization checks that other management operations enforce, so a client that reaches the gNOI (gRPC) endpoint can invoke them without credentials. Among the operations exposed this way is the one that factory-resets the device.
Affected Systems and Versions
Arista Networks' EOS versions 4.26.2F, 4.25.5.1M, 4.25.4M, 4.25.3, and 4.24.7M are affected by CVE-2021-28506.
Exploitation Mechanism
The vulnerability is exploitable over the network with low attack complexity and no credentials, since the affected APIs skip authentication; the only prerequisite is network reachability of the device's gNOI (gRPC) management endpoint. A single successful call can factory-reset the device, destroying its configuration and causing an outage, which is why the issue is rated Critical despite not disclosing any data.
Mitigation and Prevention
This section provides guidance on immediate steps, long-term security practices, and patching strategies.
Immediate Steps to Take
Upgrade affected devices to a remediated EOS release as soon as possible. Until the upgrade is complete, reduce exposure of the gNOI endpoint: restrict which sources can reach the gRPC management port (for example with a control-plane ACL or by confining management traffic to a dedicated management VRF), and if gNOI is not in use, do not leave the service enabled.
Long-Term Security Practices
Enforce authentication and authorization centrally on the management-plane API surface, in a layer that runs before any RPC handler (for a gRPC service, a server interceptor), rather than relying on each handler to check for itself. Deny by default, so that an RPC with no explicit policy entry cannot be reached at all, and audit the exposed method list against the policy so that a method that skips the check is found before an attacker finds it. Independently of the API, limit management-plane reachability to trusted networks.
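The pattern above, as an added example that is not Arista's code and not the gNOI reference implementation: a dispatch layer that authenticates and authorizes every call before any handler runs, denies by default, and can list RPCs that lack a policy entry. To keep it runnable offline it models the interceptor in plain Python rather than depending on the grpcio package; the full method names are taken from the public gNOI proto definitions, while the HMAC bearer-token scheme, the signing key, the role names and the handler responses are all constructed for the example.

```python
"""Deny-by-default authn/authz in front of gNOI-style RPCs (constructed example).

Models a gRPC server interceptor without a gRPC dependency: every call is
authenticated, then authorized against a per-method policy, then dispatched.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Hypothetical server-side key for the toy bearer-token scheme (constructed).
SIGNING_KEY = b"example-signing-key-not-for-production"


class Unauthenticated(Exception):
    """No credentials, or credentials that fail verification."""


class PermissionDenied(Exception):
    """Valid credentials, but the role is not allowed to call this method."""


def mint_token(principal: str, role: str, key: bytes = SIGNING_KEY) -> str:
    """Issue 'principal|role|hexsig' with an HMAC-SHA256 over 'principal|role'."""
    payload = f"{principal}|{role}"
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def verify_token(token: str, key: bytes = SIGNING_KEY) -> tuple:
    """Return (principal, role) or raise Unauthenticated; constant-time compare."""
    parts = token.split("|")
    if len(parts) != 3:
        raise Unauthenticated("malformed token")
    principal, role, sig = parts
    expected = hmac.new(key, f"{principal}|{role}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise Unauthenticated("bad signature")  # tampered payload or wrong key
    return principal, role


@dataclass
class AuthorizingDispatcher:
    """Runs authn + authz for every RPC before its handler, like an interceptor."""
    handlers: Dict[str, Callable[[dict], dict]] = field(default_factory=dict)
    policy: Dict[str, Set[str]] = field(default_factory=dict)  # method -> roles

    def register(self, method: str, handler: Callable[[dict], dict],
                 allowed_roles: Optional[Set[str]] = None) -> None:
        self.handlers[method] = handler
        if allowed_roles is not None:
            self.policy[method] = set(allowed_roles)

    def unguarded_methods(self) -> list:
        """Audit: registered RPCs with no policy entry (denied at runtime, but flagged)."""
        return sorted(m for m in self.handlers if m not in self.policy)

    def dispatch(self, method: str, metadata: dict, request: dict) -> dict:
        if method not in self.handlers:
            raise KeyError(method)
        # 1. Authenticate every call; no method is exempt.
        auth = metadata.get("authorization", "")
        if not auth.startswith("Bearer "):
            raise Unauthenticated("missing bearer token")
        principal, role = verify_token(auth[len("Bearer "):])
        # 2. Authorize: deny unless the method's policy names this role.
        if role not in self.policy.get(method, set()):
            raise PermissionDenied(f"{principal} ({role}) may not call {method}")
        return self.handlers[method](request)


def build_server() -> AuthorizingDispatcher:
    """Wire gNOI-style RPCs (names from the public gNOI protos; responses are stand-ins)."""
    d = AuthorizingDispatcher()
    d.register("/gnoi.system.System/Time", lambda req: {"time": 1_700_000_000},
               {"operator", "admin"})
    d.register("/gnoi.system.System/Reboot", lambda req: {"rebooting": True}, {"admin"})
    d.register("/gnoi.factory_reset.FactoryReset/Start",
               lambda req: {"reset_success": True}, {"admin"})
    # Deliberately registered without a policy so the audit catches it.
    d.register("/gnoi.system.System/Ping", lambda req: {"sent": 1})
    return d


def outcome(d: AuthorizingDispatcher, method: str, token: Optional[str] = None) -> str:
    """Classify a call as 'allowed', 'unauthenticated' or 'denied'."""
    metadata = {"authorization": f"Bearer {token}"} if token else {}
    try:
        d.dispatch(method, metadata, {})
        return "allowed"
    except Unauthenticated:
        return "unauthenticated"
    except PermissionDenied:
        return "denied"


SERVER = build_server()
ADMIN_TOKEN = mint_token("alice", "admin")
OPERATOR_TOKEN = mint_token("bob", "operator")

if __name__ == "__main__":
    reset = "/gnoi.factory_reset.FactoryReset/Start"
    print("no token  ->", outcome(SERVER, reset))
    print("operator  ->", outcome(SERVER, reset, OPERATOR_TOKEN))
    print("admin     ->", outcome(SERVER, reset, ADMIN_TOKEN))
    print("unguarded ->", SERVER.unguarded_methods())
```

The point of `unguarded_methods()` is the audit the page's advice calls for: with deny-by-default, a method missing from the policy fails closed instead of silently skipping authorization, and the audit surfaces it so it is either given a policy or removed from the exposed surface.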
Patching and Updates
The fix is contained in EOS 4.26.3M, 4.25.6M, 4.25.4.1M and 4.24.8M, and Arista recommends moving to the latest release within each release train. Note that the 4.25 train lists two remediated releases (4.25.4.1M and 4.25.6M); choose the one that matches the branch a device runs, since a version that is numerically above one of the fixes, such as 4.25.5.1M, is still in the affected list.