Improper Authorization
CVE-2021-28501
Summary
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published
