Main Vulnerability Database Vulnerabilities #VU109302

Improper access control in Arista Extensible Operating System (EOS) - CVE-2021-28504

Published: May 17, 2025

Vulnerability identifier: #VU109302

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2021-28504

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Arista Networks

Affected software:
Arista Extensible Operating System (EOS)

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to deny rules fail to get applied for packets of size higher than the configured maximum transmission unit (MTU). A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

How to mitigate CVE-2021-28504

Install updates from vendor's website.

Sources

https://www.arista.com/en/support/advisories-notices/security-advisories/15267-security-advisory-0073

Improper access control in Arista Extensible Operating System (EOS) - CVE-2021-28504

Detailed vulnerability description

How to mitigate CVE-2021-28504

Sources

Please verify you're human