#VU109302 Improper access control in Arista Extensible Operating System (EOS) - CVE-2021-28504
Published: May 17, 2025
Vulnerability identifier: #VU109302
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2021-28504
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Arista Extensible Operating System (EOS)
Arista Extensible Operating System (EOS)
Software vendor:
Arista Networks
Arista Networks
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to deny rules fail to get applied for packets of size higher than the configured maximum transmission unit (MTU). A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install updates from vendor's website.