#VU109296 Information disclosure in Arista Extensible Operating System (EOS) - CVE-2021-28496
Published: May 17, 2025
Vulnerability identifier: #VU109296
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-28496
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks
Arista Networks
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. When using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device.
Remediation
Install updates from vendor's website.