CVE-2021-28511

This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078	Exploit Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::
	cpe:2.3:o:arista:eos::::::::

OR	cpe:2.3:h:arista:7050cx3-32s:-:::::::*
	cpe:2.3:h:arista:7050cx3m-32s:-:::::::*
	cpe:2.3:h:arista:7050sx3-48c8:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc12:-:::::::*
	cpe:2.3:h:arista:7050sx3-48yc8:-:::::::*
	cpe:2.3:h:arista:7050sx3-96yc8:-:::::::*
	cpe:2.3:h:arista:7050tx3-48c8:-:::::::*
	cpe:2.3:h:arista:720xp-24y6:-:::::::*
	cpe:2.3:h:arista:720xp-24zy4:-:::::::*
	cpe:2.3:h:arista:720xp-48y6:-:::::::*
	cpe:2.3:h:arista:720xp-48zc2:-:::::::*
	cpe:2.3:h:arista:720xp-96zc2:-:::::::*
	cpe:2.3:h:arista:7300x3-32c:-:::::::*
	cpe:2.3:h:arista:7300x3-48yc4:-:::::::*

History

No history.

Information

Published : 2022-08-05 17:15

Updated : 2024-02-28 19:29

NVD link : CVE-2021-28511

Mitre link : CVE-2021-28511

CVE.ORG link : CVE-2021-28511

JSON object : View

Products Affected

arista

7050sx3-96yc8
7300x3-32c
eos
7050sx3-48yc12
7050tx3-48c8
720xp-24y6
720xp-24zy4
7050sx3-48c8
7050sx3-48yc8
720xp-48zc2
7300x3-48yc4
720xp-96zc2
7050cx3m-32s
720xp-48y6
7050cx3-32s
7050sx3-48yc

CWE

NVD-CWE-Other CWE-284

Improper Access Control

{"id": "CVE-2021-28511", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-05T17:15:07.957", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/15862-security-advisory-0078", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "psirt@arista.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass."}, {"lang": "es", "value": "Este aviso documenta el impacto de una vulnerabilidad encontrada internamente en Arista EOS para omitir las ACL de seguridad. El impacto de esta vulnerabilidad es que la regla de ca\u00edda de la ACL de seguridad podr\u00eda omitirse si un filtro de regla ACL de NAT con acci\u00f3n de permiso coincide con el flujo de paquetes. Esto podr\u00eda permitir que un host con una direcci\u00f3n IP en un rango que coincida con el rango permitido por una ACL de NAT y un rango denegado por una ACL de seguridad sea reenviado incorrectamente ya que deber\u00eda haber sido denegado por la ACL de seguridad. Esto puede permitir una derivaci\u00f3n de la ACL"}], "lastModified": "2022-08-15T20:50:20.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD53A1C6-B490-4176-B956-83B3AF856E07", "versionEndIncluding": "4.24.9"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E995C872-3638-45EC-A912-ECBEB2B61369", "versionEndIncluding": "4.25.8", "versionStartIncluding": "4.25.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C0F3258-2042-4BC5-B003-6406D8EF8291", "versionEndIncluding": "4.26.5", "versionStartIncluding": "4.26.0"}, {"criteria": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D71F445-AB45-43B2-8C37-A4C6169F2CED", "versionEndIncluding": "4.27.3", "versionStartIncluding": "4.27.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arista:7050cx3-32s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1FF0290-C671-4ABC-8A12-05E4D55FC4AE"}, {"criteria": "cpe:2.3:h:arista:7050cx3m-32s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "828C6E4F-814A-4060-8F5E-7FF359C8739C"}, {"criteria": "cpe:2.3:h:arista:7050sx3-48c8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE35C17F-0C60-4A40-9949-D4C5D94D1D7A"}, {"criteria": "cpe:2.3:h:arista:7050sx3-48yc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07BA078E-30B7-4E2C-B240-BF64E98143E9"}, {"criteria": "cpe:2.3:h:arista:7050sx3-48yc12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBFD0706-CACB-40FA-A41B-46B39C6E1D33"}, {"criteria": "cpe:2.3:h:arista:7050sx3-48yc8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5951D243-CB68-4B41-A913-D879CE502795"}, {"criteria": "cpe:2.3:h:arista:7050sx3-96yc8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73156612-D338-4E20-8C82-0E65DAA72331"}, {"criteria": "cpe:2.3:h:arista:7050tx3-48c8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "388C57D8-4B3C-4E5D-84AA-0CB7506F825A"}, {"criteria": "cpe:2.3:h:arista:720xp-24y6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AFDBCBB-2C1A-4B88-AE28-EF63D5B9EDD2"}, {"criteria": "cpe:2.3:h:arista:720xp-24zy4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58757129-BF9C-4BD8-B692-BB57023F8A48"}, {"criteria": "cpe:2.3:h:arista:720xp-48y6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2756BB4B-1053-4EAC-AC0B-785FD5039D5F"}, {"criteria": "cpe:2.3:h:arista:720xp-48zc2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40D36540-7723-4284-A207-6BD27728CA25"}, {"criteria": "cpe:2.3:h:arista:720xp-96zc2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DF95CB28-E010-4A1D-A746-F9DDF015868F"}, {"criteria": "cpe:2.3:h:arista:7300x3-32c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0040BDDF-D711-4619-9E96-96EFBD33CAA0"}, {"criteria": "cpe:2.3:h:arista:7300x3-48yc4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D4AA716D-CAD1-4689-8A26-977A2E5F869E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@arista.com"}