SB2021101986 - Information disclosure in Arista EOS
Published: October 19, 2021 Updated: May 17, 2025
Security Bulletin ID
SB2021101986
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2021-28496)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. When using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device.
Remediation
Install update from vendor's website.