CVE-2021-28503

Critical

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is…

Arista·CWE-305·Published 2022-02-04

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

206 chars

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI.

NVDen

206 chars

NVDes

253 chars

El impacto de esta vulnerabilidad es que EOS eAPI de Arista puede omitir la reevaluación de las credenciales del usuario cuando es usada la autenticación basada en certificados, lo que permite a atacantes remotos acceder al dispositivo por medio de eAPI

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
3.1	Secondary	NVD	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H