Vulnerabilities > CVE-2021-28504 - Incorrect Authorization vulnerability in Arista EOS

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

arista

CWE-863

NVD

Published: 2022-04-01

Updated: 2022-04-12

Summary

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.

Vulnerable Configurations

Part	Description	Count
OS	Arista Arista EOS 4.26 Arista EOS 4.26.1 Arista EOS 4.26.1F Arista EOS 4.26.2 Arista EOS 4.26.2F Arista EOS 4.26.3M Arista EOS 4.27 Arista EOS 4.27.0F	8
Hardware	Arista Arista CCS 710P 12 - Arista CCS 710P 16P - Arista CCS 720Xp 24Y6 - Arista CCS 720Xp 24Zy4 - Arista CCS 720Xp 48Y6 - Arista CCS 720Xp 48Zc2 - Arista CCS 720Xp 96Zc2 - Arista CCS 722Xpm 48Y4 - Arista CCS 722Xpm 48Zy8 - Arista DCS 7010Tx 48 - Arista DCS 7050Cx3 32S - Arista DCS 7050Cx3M 32S - Arista DCS 7050Sx3 48C8 - Arista DCS 7050Sx3 48Yc12 - Arista DCS 7050Sx3 48Yc8 - Arista DCS 7050Sx3 96Yc8 - Arista DCS 7050Tx3 48C8 -	17

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073