Description

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train

Related CPE's

o

arista

metamako_operating_system

3

h

arista

7130

-

References

https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66

MitigationVendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

[email protected]

Secondary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-09T13:15:09.103

3 years ago

Last modified

2021-09-22T16:34:39.700

3 years ago