CVE-2021-28499
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-28499
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
凭证管理
Source: NVD (National Vulnerability Database)
Vulnerability Title
Arista Networks MOS 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arista Networks MOS是美国Arista Networks公司的一个完全可编程且高度模块化的基于Linux 的网络操作系统,使用熟悉的行业标准CLI,并在Arista 交换系列中运行单个二进制软件映像。 Arista Networks MOS 中存在加密问题漏洞,该漏洞源于产品未对用户账号密码进行有效加密导致用户账号密码会以明文形式展现给用户。 以下产品及版本受到影响:Arista 7130 Systems base on MOS。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Arista | Metamako Operating System | MOS-0.18 ~ MOS-0.18* | - |
II. Public POCs for CVE-2021-28499
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-28499
请登录查看更多情报信息。
Same Patch Batch · Arista · 2021-09-09 · 6 CVEs total
| CVE-2021-28494 | 9.6 CRITICAL | Arista Networks MOS 授权问题漏洞 |
| CVE-2021-28498 | 8.7 HIGH | Arista Networks MOS 安全漏洞 |
| CVE-2021-28493 | 8.4 HIGH | Arista Networks MOS 授权问题漏洞 |
| CVE-2021-28495 | 7.2 HIGH | Arista Networks MOS 授权问题漏洞 |
| CVE-2021-28497 | 4.4 MEDIUM | Arista Networks MOS 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: Arista
- CVE-2025-2767
Arista NG Firewall User-Agent Cross-Site Scripting Remote Co - CVE-2024-12831
Arista NG Firewall uvm_login Incorrect Authorization Privile - CVE-2024-12832
Arista NG Firewall ReportEntry SQL Injection Arbitrary File - CVE-2024-12830
Arista NG Firewall custom_handler Directory Traversal Remote - CVE-2024-12829
Arista NG Firewall ExecManagerImpl Command Injection Remote
Same weakness: CWE-255
- CVE-2021-37000
Huawei HarmonyOS Wearables安全漏洞 - CVE-2021-28509
TerminAttr streams MACsec sensitive data in clear text to ot - CVE-2021-28508
TerminAttr streams IPsec sensitive data in clear text to oth - CVE-2022-25327
Local Denial of Service in fscrypt PAM module - CVE-2020-8968
Parallels Remote Application Server credentials management e
V. Comments for CVE-2021-28499
No comments yet