CVE-2021-28495

Name of the Vulnerable Software and Affected Versions: Arista Metamako Operating System versions MOS-0.1x train through MOS-0.13 and post releases Arista Metamako Operating System versions MOS-0.26.6 and below in the MOS-0.2x train Arista Metamako Operating System versions MOS-0.31.1 and below in the MOS-0.3x train

Description: The issue affects Arista's MOS software, which is supported on the 7130 product line. Under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs.

Recommendations: For versions MOS-0.1x train through MOS-0.13 and post releases, consider disabling API access via the JSON-RPC APIs until a patch is available. For versions MOS-0.26.6 and below in the MOS-0.2x train, restrict access to the JSON-RPC APIs to minimize the risk of exploitation. For versions MOS-0.31.1 and below in the MOS-0.3x train, avoid using the JSON-RPC APIs for user authentication until the issue is resolved.