CVE-2021-28499

low-risk
Published 2021-09-09

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Metamako Operating System

Affected Vendors

Arista

References (2)

Mitigation https://www.arista.com/en/support/advisories-notices/security-advisories/12912-s...
Mitigation https://www.arista.com/en/support/advisories-notices/security-advisories/12912-s...
25
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal