CVE-2021-28494 CRITICAL

CVE-2021-28494

Vendor Arista
Product Metamako Operating System
Weakness CWE-287 · Improper authentication
Published September 9, 2021
Last update August 3, 2024

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases

Key dates

02Disclosure timeline

September 9, 2021 CVE published
August 3, 2024 Record updated