{ "document": { "category": "security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "publisher": { "category": "vendor", "contact_details": "support@arista.com", "name": "Arista PSIRT", "namespace": "https://www.arista.com" }, "references": [ { "category": "self", "summary": "Security advisory 72 canonical URL", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/13605-security-advisory-0072" } ], "title": "Security Advisory 72", "tracking": { "current_release_date": "2022-02-01T23:25:17Z", "generator": { "engine": { "name": "Arista Networks SecEng Service CSAF Generator" } }, "id": "Arista Networks Security Advisory 72", "initial_release_date": "2022-02-01T23:25:17Z", "revision_history": [ { "date": "2022-02-01T23:25:17Z", "number": "1", "summary": "Document created" } ], "status": "final", "version": "1" } }, "product_tree": { "full_product_names": [ { "name": "EOS version 4.23.6", "product_id": "CSAFPID-15" }, { "name": "EOS version 4.24.2.1", "product_id": "CSAFPID-25" }, { "name": "EOS version 4.24.3.1", "product_id": "CSAFPID-35" }, { "name": "EOS version 4.26.1", "product_id": "CSAFPID-50" }, { "name": "EOS version 4.23.4.1", "product_id": "CSAFPID-11" }, { "name": "EOS version 4.24.2", "product_id": "CSAFPID-24" }, { "name": "EOS version 4.25.0", "product_id": "CSAFPID-40" }, { "name": "EOS version 4.25.1", "product_id": "CSAFPID-41" }, { "name": "EOS version 4.25.4.1", "product_id": "CSAFPID-0" }, { "name": "EOS version 4.26.2", "product_id": "CSAFPID-51" }, { "name": "EOS version 4.23.3", "product_id": "CSAFPID-9" }, { "name": "EOS version 4.23.7.1", "product_id": "CSAFPID-17" }, { "name": "EOS version 4.25.6", "product_id": "CSAFPID-3" }, { "name": "EOS version 4.25.5", "product_id": "CSAFPID-46" }, { "name": "EOS version 4.24.2.2", "product_id": "CSAFPID-26" }, { "name": "EOS version 4.23.8", "product_id": "CSAFPID-18" }, { "name": "EOS version 4.24.1", "product_id": "CSAFPID-22" }, { "name": "EOS version 4.24.2.3", "product_id": "CSAFPID-27" }, { "name": "EOS version 4.23.10", "product_id": "CSAFPID-4" }, { "name": "EOS version 4.26.3", "product_id": "CSAFPID-6" }, { "name": "EOS version 4.24.4", "product_id": "CSAFPID-36" }, { "name": "EOS version 4.24.2.6", "product_id": "CSAFPID-30" }, { "name": "EOS version 4.23.7", "product_id": "CSAFPID-16" }, { "name": "EOS version 4.24.2.8", "product_id": "CSAFPID-32" }, { "name": "EOS version 4.23.4.2", "product_id": "CSAFPID-12" }, { "name": "EOS version 4.27.0", "product_id": "CSAFPID-1" }, { "name": "EOS version 4.23.5", "product_id": "CSAFPID-14" }, { "name": "EOS version 4.25.3", "product_id": "CSAFPID-43" }, { "name": "EOS version 4.25.3.1", "product_id": "CSAFPID-44" }, { "name": "EOS version 4.26.0.1", "product_id": "CSAFPID-49" }, { "name": "EOS version 4.24.2.9", "product_id": "CSAFPID-33" }, { "name": "EOS version 4.24.8", "product_id": "CSAFPID-2" }, { "name": "EOS version 4.23.4.3", "product_id": "CSAFPID-13" }, { "name": "EOS version 4.23.4", "product_id": "CSAFPID-10" }, { "name": "EOS version 4.24.1.1", "product_id": "CSAFPID-23" }, { "name": "EOS version 4.24.2.7", "product_id": "CSAFPID-31" }, { "name": "EOS version 4.24.7", "product_id": "CSAFPID-39" }, { "name": "EOS version 4.26.0", "product_id": "CSAFPID-48" }, { "name": "EOS version 4.23.2", "product_id": "CSAFPID-7" }, { "name": "EOS version 4.25.4", "product_id": "CSAFPID-45" }, { "name": "EOS version 4.24.5", "product_id": "CSAFPID-37" }, { "name": "EOS version 4.25.2", "product_id": "CSAFPID-42" }, { "name": "EOS version 4.23.9", "product_id": "CSAFPID-20" }, { "name": "EOS version 4.26.2.1", "product_id": "CSAFPID-52" }, { "name": "EOS version 4.24.6", "product_id": "CSAFPID-38" }, { "name": "EOS version 1.0.0", "product_id": "CSAFPID-5" }, { "name": "EOS version 4.24.3", "product_id": "CSAFPID-34" }, { "name": "EOS version 4.24.0", "product_id": "CSAFPID-21" }, { "name": "EOS version 4.24.2.4", "product_id": "CSAFPID-28" }, { "name": "EOS version 4.25.5.1", "product_id": "CSAFPID-47" }, { "name": "EOS version 4.23.2.1", "product_id": "CSAFPID-8" }, { "name": "EOS version 4.24.2.5", "product_id": "CSAFPID-29" }, { "name": "Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-53" }, { "name": "EOS version 4.23.8.1", "product_id": "CSAFPID-19" } ], "relationships": [ { "category": "installed_with", "full_product_name": { "name": "Version 4.23.3 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-56" }, "product_reference": "CSAFPID-9", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.26.0.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-96" }, "product_reference": "CSAFPID-49", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-69" }, "product_reference": "CSAFPID-22", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.7 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-86" }, "product_reference": "CSAFPID-39", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.3 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-74" }, "product_reference": "CSAFPID-27", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.3.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-91" }, "product_reference": "CSAFPID-44", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.3 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-81" }, "product_reference": "CSAFPID-34", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.6 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-62" }, "product_reference": "CSAFPID-15", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.8 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-65" }, "product_reference": "CSAFPID-18", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.4 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-75" }, "product_reference": "CSAFPID-28", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.4.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-58" }, "product_reference": "CSAFPID-11", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.7.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-64" }, "product_reference": "CSAFPID-17", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.5 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-93" }, "product_reference": "CSAFPID-46", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.0 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-87" }, "product_reference": "CSAFPID-40", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-71" }, "product_reference": "CSAFPID-24", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-72" }, "product_reference": "CSAFPID-25", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.26.2.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-99" }, "product_reference": "CSAFPID-52", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.8.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-66" }, "product_reference": "CSAFPID-19", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.4 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-92" }, "product_reference": "CSAFPID-45", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.26.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-98" }, "product_reference": "CSAFPID-51", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-54" }, "product_reference": "CSAFPID-7", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-89" }, "product_reference": "CSAFPID-42", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.5 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-84" }, "product_reference": "CSAFPID-37", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.5 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-61" }, "product_reference": "CSAFPID-14", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.5 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-76" }, "product_reference": "CSAFPID-29", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.9 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-67" }, "product_reference": "CSAFPID-20", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.1.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-70" }, "product_reference": "CSAFPID-23", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.0 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-68" }, "product_reference": "CSAFPID-21", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.4.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-59" }, "product_reference": "CSAFPID-12", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-88" }, "product_reference": "CSAFPID-41", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.3 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-90" }, "product_reference": "CSAFPID-43", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.4 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-57" }, "product_reference": "CSAFPID-10", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.2.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-55" }, "product_reference": "CSAFPID-8", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.7 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-78" }, "product_reference": "CSAFPID-31", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.7 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-63" }, "product_reference": "CSAFPID-16", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.3.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-82" }, "product_reference": "CSAFPID-35", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.23.4.3 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-60" }, "product_reference": "CSAFPID-13", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.9 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-80" }, "product_reference": "CSAFPID-33", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.2 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-73" }, "product_reference": "CSAFPID-26", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.25.5.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-94" }, "product_reference": "CSAFPID-47", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.26.0 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-95" }, "product_reference": "CSAFPID-48", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.6 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-85" }, "product_reference": "CSAFPID-38", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.6 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-77" }, "product_reference": "CSAFPID-30", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.2.8 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-79" }, "product_reference": "CSAFPID-32", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.24.4 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-83" }, "product_reference": "CSAFPID-36", "relates_to_product_reference": "CSAFPID-53" }, { "category": "installed_with", "full_product_name": { "name": "Version 4.26.1 with Hotfix SecurityAdvisoryShastaHotfix.swix 1.0", "product_id": "CSAFPID-97" }, "product_reference": "CSAFPID-50", "relates_to_product_reference": "CSAFPID-53" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-28503", "id": { "system_name": "Arista Bug ID", "text": "606686" }, "notes": [ { "category": "description", "text": "EAPI might bypass a username/password authentication when a certificate based authentication is being used via eAPI at the same time.", "title": "CVE Description" }, { "category": "other", "text": "EAPI is configured with a SSL profile and that SSL profile has trust user certificate configuration", "title": "606686: Required Config for Exploitation" } ], "product_status": { "first_affected": [ "CSAFPID-5" ], "first_fixed": [ "CSAFPID-54", "CSAFPID-55", "CSAFPID-56", "CSAFPID-57", "CSAFPID-58", "CSAFPID-59", "CSAFPID-60", "CSAFPID-61", "CSAFPID-62", "CSAFPID-63", "CSAFPID-64", "CSAFPID-65", "CSAFPID-66", "CSAFPID-67", "CSAFPID-68", "CSAFPID-69", "CSAFPID-70", "CSAFPID-71", "CSAFPID-72", "CSAFPID-73", "CSAFPID-74", "CSAFPID-75", "CSAFPID-76", "CSAFPID-77", "CSAFPID-78", "CSAFPID-79", "CSAFPID-80", "CSAFPID-81", "CSAFPID-82", "CSAFPID-83", "CSAFPID-84", "CSAFPID-85", "CSAFPID-86", "CSAFPID-87", "CSAFPID-88", "CSAFPID-89", "CSAFPID-90", "CSAFPID-91", "CSAFPID-92", "CSAFPID-93", "CSAFPID-94", "CSAFPID-95", "CSAFPID-96", "CSAFPID-97", "CSAFPID-98", "CSAFPID-99" ], "fixed": [ "CSAFPID-0", "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-6" ] }, "references": [ { "category": "external", "summary": "MITRE link", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28503" } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in EOS version 4.23.10", "product_ids": [ "CSAFPID-4" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.24.8", "product_ids": [ "CSAFPID-2" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.25.4.1", "product_ids": [ "CSAFPID-0" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.25.6", "product_ids": [ "CSAFPID-3" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.26.3", "product_ids": [ "CSAFPID-6" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.27.0", "product_ids": [ "CSAFPID-1" ] }, { "category": "none_available", "details": "Not fixed in EOS version 1.0.0", "product_ids": [ "CSAFPID-5" ] }, { "category": "mitigation", "details": "Remove user certificates from the SSL profile that used in eAPI" }, { "category": "mitigation", "details": "Hotfix: SecurityAdvisoryShastaHotfix.swix , 1.0, Hash: (SHA-512)d4f5221f8d5f3cceb74a61e733c570f326a5ade4d845f58929bd0902932218d8c9065675198c515cc194bcb2eaa8bc23ffe7136e91eedf478d23a1a0154138f9", "product_ids": [ "CSAFPID-40", "CSAFPID-14", "CSAFPID-22", "CSAFPID-35", "CSAFPID-46", "CSAFPID-37", "CSAFPID-51", "CSAFPID-44", "CSAFPID-19", "CSAFPID-29", "CSAFPID-11", "CSAFPID-21", "CSAFPID-34", "CSAFPID-48", "CSAFPID-36", "CSAFPID-38", "CSAFPID-32", "CSAFPID-30", "CSAFPID-47", "CSAFPID-49", "CSAFPID-45", "CSAFPID-12", "CSAFPID-25", "CSAFPID-43", "CSAFPID-10", "CSAFPID-16", "CSAFPID-20", "CSAFPID-26", "CSAFPID-33", "CSAFPID-9", "CSAFPID-7", "CSAFPID-8", "CSAFPID-31", "CSAFPID-24", "CSAFPID-13", "CSAFPID-23", "CSAFPID-39", "CSAFPID-41", "CSAFPID-15", "CSAFPID-28", "CSAFPID-42", "CSAFPID-52", "CSAFPID-17", "CSAFPID-27", "CSAFPID-50", "CSAFPID-18" ], "url": "https://www.arista.com/en/support/advisories-notices/sa-download/?sa=72-SecurityAdvisory0072Hotfix.swix" } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-1", "CSAFPID-0", "CSAFPID-6", "CSAFPID-5" ] } ], "title": "CVE-2021-28503" } ] }