CVE-2021-28505

Name of the Vulnerable Software and Affected Versions Arista EOS (affected versions not specified)

Description On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. This issue was discovered internally and Arista is not aware of any malicious uses of this issue in customer networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.