CVE-2021-28496

Published: 21 Oct 2021
Source: nvd
CVSS3: 5.7
CVSS3: 6.5
CVSS2: 4
EPSS: Low

Description

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles, the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS versions are: all releases in the 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Version from 4.22 (inclusive) to 4.22.7m (inclusive)
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Version from 4.23 (inclusive) to 4.23.10 (exclusive)
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Version from 4.24 (inclusive) to 4.24.8 (exclusive)
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Version from 4.25 (inclusive) to 4.25.5 (exclusive)
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*
Version from 4.26 (inclusive) to 4.26.2 (exclusive)

EPSS

Percentile: 32%
0.00122
Low

5.7 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Weaknesses

CWE-311
CWE-522

Related vulnerabilities

CVSS3: 6.5
github
more than 3 years ago

On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles, the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS versions are: all releases in the 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x train.
