PT-2021-17873 · Arista · Arista Metamako Operating System
Published
2021-09-09
·
Updated
2021-09-22
·
CVE-2021-28497
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Arista Metamako Operating System versions MOS-0.1x and earlier
Arista Metamako Operating System versions MOS-0.2x up to MOS-0.26.6
Arista Metamako Operating System versions MOS-0.3x up to MOS-0.31.1
Description:
The issue affects Arista's MOS (Metamako Operating System) software, which is supported on the 7130 product line. Under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access.
Recommendations:
For Arista Metamako Operating System versions MOS-0.1x and earlier, update to a version outside of the MOS-0.1x train.
For Arista Metamako Operating System versions MOS-0.2x up to MOS-0.26.6, update to a version above MOS-0.26.6 in the MOS-0.2x train.
For Arista Metamako Operating System versions MOS-0.3x up to MOS-0.31.1, update to a version above MOS-0.31.1 in the MOS-0.3x train.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arista Metamako Operating System