CVE-2021-28497

EPSS 0.05%
Veröffentlicht 09.09.2021 13:15:09
Zuletzt bearbeitet 21.11.2024 05:59:47
Quelle psirt@arista.com
Teams Watchlist Login
Unerledigt Login

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arista ≫ Metamako Operating System Version <= 0.26.6

Arista ≫ 7130 Version-

Arista ≫ Metamako Operating System Version >= 0.31.0 < 0.32.0

Arista ≫ 7130 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@arista.com	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2021-28497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28497

EUVD