Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-28509

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

Published

2022-05-26T20:15:08.500

Last Modified

2024-11-21T05:59:48.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-255
Type: Primary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	ccs-722xpm-48y4	-	No
Hardware	arista	ccs-722xpm-48zy8	-	No
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	7050cx3-32s	-	No
Hardware	arista	7050cx3m-32s	-	No
Hardware	arista	7050sx3-48c8	-	No
Hardware	arista	7050sx3-48yc	-	No
Hardware	arista	7050sx3-48yc12	-	No
Hardware	arista	7050sx3-48yc8	-	No
Hardware	arista	7050sx3-96yc8	-	No
Hardware	arista	7050tx3-48c8	-	No
Hardware	arista	dcs-7050cx3-32s	-	No
Hardware	arista	dcs-7050cx3-32s-r	-	No
Hardware	arista	dcs-7050cx3m-32s	-	No
Hardware	arista	dcs-7050sx3-48c8	-	No
Hardware	arista	dcs-7050sx3-48yc12	-	No
Hardware	arista	dcs-7050sx3-48yc8	-	No
Hardware	arista	dcs-7050sx3-96yc8	-	No
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	7280cr2ak-30	-	No
Hardware	arista	7280cr2k-60	-	No
Hardware	arista	7280cr3-32d4	-	No
Hardware	arista	7280cr3-32p4	-	No
Hardware	arista	7280cr3-96	-	No
Hardware	arista	7280cr3k-32d4	-	No
Hardware	arista	7280cr3k-32p4	-	No
Hardware	arista	7280cr3k-96	-	No
Hardware	arista	7280dr3-24	-	No
Hardware	arista	7280dr3k-24	-	No
Hardware	arista	7280pr3-24	-	No
Hardware	arista	7280pr3k-24	-	No
Hardware	arista	7280r2	-	No
Hardware	arista	7280r3	-	No
Hardware	arista	7280sr3-48yc8	-	No
Hardware	arista	7280sr3k-48yc8	-	No
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	7500r2	-	No
Hardware	arista	7500r3	-	No
Hardware	arista	7500r3-24d	-	No
Hardware	arista	7500r3-24p	-	No
Hardware	arista	7500r3-36cq	-	No
Hardware	arista	7500r3k-36cq	-	No
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	7800r3-36p	-	No
Hardware	arista	7800r3-48cq	-	No
Hardware	arista	7800r3k-48cq	-	No
Application	arista	terminattr	< 1.10.11	Yes
Application	arista	terminattr	< 1.16.8	Yes
Application	arista	terminattr	< 1.19.2	Yes
Operating System	arista	eos	≤ 4.23.11	Yes
Operating System	arista	eos	< 4.24.10	Yes
Operating System	arista	eos	< 4.25.8	Yes
Operating System	arista	eos	< 4.26.6	Yes
Operating System	arista	eos	< 4.27.4	Yes
Hardware	arista	7388x5	-	No

References

https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077 Exploit, Vendor Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/15484-security-advisory-0077 Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)