{"containers": {"cna": {"affected": [{"platforms": ["Arista 7130 Systems running MOS"], "product": "Metamako Operating System", "vendor": "Arista", "versions": [{"lessThan": "MOS-0.16.7", "status": "affected", "version": "MOS-0.26.7", "versionType": "custom"}, {"lessThan": "MOS-0.32.0", "status": "affected", "version": "MOS-0.32.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-09T12:41:37", "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"}], "solutions": [{"lang": "en", "value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"}, {"lang": "en", "value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@arista.com", "ID": "CVE-2021-28497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Metamako Operating System", "version": {"version_data": [{"platform": "Arista 7130 Systems running MOS", "version_affected": "<", "version_name": "MOS-0.26.7", "version_value": "MOS-0.16.7"}, {"platform": "Arista 7130 Systems running MOS", "version_affected": "<", "version_name": "MOS-0.32.0", "version_value": "MOS-0.32.0"}]}}]}, "vendor_name": "Arista"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264 Permissions, Privileges, and Access Controls"}]}]}, "references": {"reference_data": [{"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65", "refsource": "MISC", "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"}]}, "solution": [{"lang": "en", "value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"}, {"lang": "en", "value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:47:32.634Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"}]}]}, "cveMetadata": {"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "assignerShortName": "Arista", "cveId": "CVE-2021-28497", "datePublished": "2021-09-09T12:41:37", "dateReserved": "2021-03-16T00:00:00", "dateUpdated": "2024-08-03T21:47:32.634Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EB89E3B-DBD9-433C-BF75-DF055380A9F6", "versionEndIncluding": "0.26.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C66AFCAE-47B5-47D5-96AF-C0986611A4C0", "versionEndExcluding": "0.32.0", "versionStartIncluding": "0.31.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"}, {"lang": "es", "value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, el shell bash podr\u00eda ser accesible a usuarios no privilegiados en situaciones en las que no deber\u00edan tener acceso. Este problema afecta a: Sistema Operativo Metamako de Arista Todas las versiones MOS-0.1x train MOS-0.26.6 y versiones inferiores en MOS-0.2x train MOS-0.31.1 y versiones inferiores en MOS-0.3x train"}], "id": "CVE-2021-28497", "lastModified": "2024-11-21T05:59:47.043", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "psirt@arista.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-09T13:15:09.210", "references": [{"source": "psirt@arista.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "psirt@arista.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}