PT-2021-17875 · Arista · Arista Metamako Operating System

Published

2021-09-09

Updated

2022-07-29

CVE-2021-28499

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Arista Metamako Operating System versions 0.18 through 0.19 Arista Metamako Operating System versions 0.2x Arista Metamako Operating System versions 0.31.1 and prior

Description: The issue affects Arista's MOS software, which is supported on the 7130 product line. User account passwords set in clear text could leak to users without any password.

Recommendations: For versions 0.18 through 0.19, update to a version outside of the MOS-0.1x train to resolve the issue. For versions 0.2x, update to a version outside of the MOS-0.2x train to resolve the issue. For versions 0.31.1 and prior, update to a version later than MOS-0.31.1 in the MOS-0.3x train to resolve the issue.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255CWE-522

Related Identifiers

CVE-2021-28499

Affected Products

Arista Metamako Operating System

PT-2021-17875 · Arista · Arista Metamako Operating System

CVE-2021-28499

Weakness Enumeration

Related Identifiers

Affected Products

References · 4