Description

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train

Related CPE's

o

arista

metamako_operating_system

3

h

arista

7130

-

References

https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66

MitigationVendor Advisory

https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66

MitigationVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-287

[email protected]

Primary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

7.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-09T11:15:09.103Z

4 years ago

Last modified

2024-11-21T04:59:46.757Z

1 year ago