Описание
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
Ссылки
- ExploitMitigationPatchVendor Advisory
- ExploitMitigationPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.16.2 (включая)
cpe:2.3:a:arista:terminattr:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00291
Низкий
9.1 Critical
CVSS3
7.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.8
github
около 4 лет назад
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.
EPSS
Процентиль: 52%
0.00291
Низкий
9.1 Critical
CVSS3
7.8 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-285
NVD-CWE-noinfo