CVE-2021-28507 : Vulnerability Insights and Analysis

Discover the impact of CVE-2021-28507, a vulnerability in Arista EOS that allows the service ACL for OpenConfig gNOI and RESTCONF to be bypassed, leading to unauthorized access. Learn about affected systems, exploitation, and mitigation steps.

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, resulting in denied requests being forwarded to the agent.

Understanding CVE-2021-28507

This section provides detailed insights into the CVE-2021-28507 vulnerability.

What is CVE-2021-28507?

CVE-2021-28507 is a vulnerability in Arista EOS where the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF can be bypassed under specific conditions.

The Impact of CVE-2021-28507

The vulnerability could allow unauthorized access to services and result in denied requests being forwarded to the agent, compromising data integrity.

Technical Details of CVE-2021-28507

Explore the technical aspects of CVE-2021-28507 to better understand its implications.

Vulnerability Description

The issue allows the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF to be bypassed, potentially leading to security breaches.

Affected Systems and Versions

Impacted versions include Arista EOS 4.22.x, 4.26.2F, 4.25.5.1M, 4.25.4M, 4.25.3, 4.24.7M, 4.23.9M, and 4.21.x.

Exploitation Mechanism

Attackers may exploit this vulnerability over the network; high privileges are required for a successful attack.

Mitigation and Prevention

Discover the recommended steps to mitigate and prevent CVE-2021-28507.

Immediate Steps to Take

Mitigate the issue by upgrading to remediated software versions in the 4.26.x, 4.25.x, 4.25.4.x, 4.24.x, and 4.23.x release trains.

Long-Term Security Practices

To prevent future vulnerabilities, ensure regular software updates and security patches are applied promptly.

Patching and Updates

Stay protected by applying patches provided by Arista and maintaining up-to-date software versions.
