cvelist/2021/28xxx/CVE-2021-28497.json

{
    "impact": {
        "cvss": {
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "privilegesRequired": "LOW",
            "baseSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "baseScore": 4.4,
            "availabilityImpact": "LOW",
            "version": "3.1",
            "scope": "UNCHANGED",
            "integrityImpact": "LOW",
            "confidentialityImpact": "NONE"
        }
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
            }
        ]
    },
    "data_type": "CVE",
    "source": {
        "discovery": "INTERNAL"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Metamako Operating System",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "Arista 7130 Systems running MOS",
                                            "version_name": "MOS-0.26.7",
                                            "version_affected": "<",
                                            "version_value": "MOS-0.16.7"
                                        },
                                        {
                                            "platform": "Arista 7130 Systems running MOS",
                                            "version_name": "MOS-0.32.0",
                                            "version_affected": "<",
                                            "version_value": "MOS-0.32.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Arista"
                }
            ]
        }
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "data_format": "MITRE",
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                ]
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
        },
        {
            "lang": "eng",
            "value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
        }
    ],
    "data_version": "4.0",
    "references": {
        "reference_data": [
            {
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",
                "refsource": "MISC",
                "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
            }
        ]
    },
    "CVE_data_meta": {
        "STATE": "PUBLIC",
        "ID": "CVE-2021-28497",
        "ASSIGNER": "psirt@arista.com"
    }
}
"-Synchronized-Data." 2021-03-16 15:00:44 +00:00			`{`
"-Synchronized-Data." 2021-09-09 13:00:51 +00:00			`"impact": {`
			`"cvss": {`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"privilegesRequired": "LOW",`
			`"baseSeverity": "MEDIUM",`
			`"userInteraction": "NONE",`
			`"baseScore": 4.4,`
			`"availabilityImpact": "LOW",`
			`"version": "3.1",`
			`"scope": "UNCHANGED",`
			`"integrityImpact": "LOW",`
			`"confidentialityImpact": "NONE"`
			`}`
"-Synchronized-Data." 2021-03-16 15:00:44 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2021-09-09 13:00:51 +00:00			`"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"`
			`}`
			`]`
			`},`
			`"data_type": "CVE",`
			`"source": {`
			`"discovery": "INTERNAL"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Metamako Operating System",`
			`"version": {`
			`"version_data": [`
			`{`
			`"platform": "Arista 7130 Systems running MOS",`
			`"version_name": "MOS-0.26.7",`
			`"version_affected": "<",`
			`"version_value": "MOS-0.16.7"`
			`},`
			`{`
			`"platform": "Arista 7130 Systems running MOS",`
			`"version_name": "MOS-0.32.0",`
			`"version_affected": "<",`
			`"version_value": "MOS-0.32.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Arista"`
			`}`
			`]`
			`}`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"data_format": "MITRE",`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-264 Permissions, Privileges, and Access Controls"`
			`}`
			`]`
"-Synchronized-Data." 2021-03-16 15:00:44 +00:00			`}`
			`]`
"-Synchronized-Data." 2021-09-09 13:00:51 +00:00			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"`
			`},`
			`{`
			`"lang": "eng",`
			`"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"`
			`}`
			`],`
			`"data_version": "4.0",`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",`
			`"refsource": "MISC",`
			`"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"`
			`}`
			`]`
			`},`
			`"CVE_data_meta": {`
			`"STATE": "PUBLIC",`
			`"ID": "CVE-2021-28497",`
			`"ASSIGNER": "psirt@arista.com"`
"-Synchronized-Data." 2021-03-16 15:00:44 +00:00			`}`
			`}`