← back
CVE-2021-28494

CVE-2021-28494

CVSS 9.6 CRITICALEPSS 0.8%CWE-287
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Affected products
Arista · Metamako Operating System

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68