admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-09-09 13:00:51 +00:00
parent aa00057639
commit 581b38b744
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 789 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
2020/7xxx/CVE-2020-7873.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "K-System WellComm",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_name": "1.1, 4.0",
"version_value": "1.1, 4.0"
}
]
}
}
]
},
"vendor_name": "Younglimwon Co., Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36233",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36233"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

82
2020/7xxx/CVE-2020-7874.json
View File

@ -1,18 +1,88 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7874",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "NEXACRO14 Runtime arbitrary file download and execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NEXACRO14",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "<",
"version_name": "14.0.1.3600",
"version_value": "14.0.1.3600"
}
]
}
}
]
},
"vendor_name": "TOBESOFT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

94
2021/26xxx/CVE-2021-26608.json
View File

@ -1,18 +1,100 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26608",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "handysoft groupware arbitrary file download and execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HShell.dll",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "=",
"version_name": "1.7.4.5",
"version_value": "1.7.4.5"
},
{
"platform": "Windows",
"version_affected": "=",
"version_name": "2.0.3.5",
"version_value": "2.0.3.5"
},
{
"platform": "Windows",
"version_affected": "=",
"version_name": "4.0.1.6",
"version_value": "4.0.1.6"
}
]
}
}
]
},
"vendor_name": "handysoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-353 Missing Support for Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

91
2021/28xxx/CVE-2021-28493.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"privilegesRequired": "LOW",
"baseSeverity": "HIGH",
"userInteraction": "NONE",
"baseScore": 8.4,
"availabilityImpact": "HIGH",
"version": "3.1",
"scope": "CHANGED",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.33.0",
"version_affected": "<",
"version_value": "MOS-0.33.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.33.0\n"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12915-security-advisory-67"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28493",
"ASSIGNER": "psirt@arista.com"
}
}

91
2021/28xxx/CVE-2021-28494.json
View File

@ -1,18 +1,93 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"privilegesRequired": "LOW",
"baseSeverity": "CRITICAL",
"userInteraction": "NONE",
"baseScore": 9.6,
"availabilityImpact": "HIGH",
"version": "3.1",
"scope": "CHANGED",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.35.0",
"version_affected": "<",
"version_value": "MOS-0.35.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.35.0\n"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12916-security-advisory-68"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28494",
"ASSIGNER": "psirt@arista.com"
}
}

107
2021/28xxx/CVE-2021-28495.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28495",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"privilegesRequired": "NONE",
"baseSeverity": "HIGH",
"userInteraction": "NONE",
"baseScore": 7.2,
"availabilityImpact": "LOW",
"version": "3.1",
"scope": "CHANGED",
"integrityImpact": "LOW",
"confidentialityImpact": "NONE"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.13",
"version_affected": ">=",
"version_value": "MOS-0.13"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.26.7",
"version_affected": "<",
"version_value": "MOS-0.26.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.32.0",
"version_affected": "<",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "eng",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12914-security-advisory-66"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28495",
"ASSIGNER": "psirt@arista.com"
}
}

101
2021/28xxx/CVE-2021-28497.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28497",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"privilegesRequired": "LOW",
"baseSeverity": "MEDIUM",
"userInteraction": "NONE",
"baseScore": 4.4,
"availabilityImpact": "LOW",
"version": "3.1",
"scope": "UNCHANGED",
"integrityImpact": "LOW",
"confidentialityImpact": "NONE"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.26.7",
"version_affected": "<",
"version_value": "MOS-0.16.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.32.0",
"version_affected": "<",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "eng",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28497",
"ASSIGNER": "psirt@arista.com"
}
}

107
2021/28xxx/CVE-2021-28498.json
View File

@ -1,18 +1,109 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"privilegesRequired": "LOW",
"baseSeverity": "HIGH",
"userInteraction": "NONE",
"baseScore": 8.7,
"availabilityImpact": "HIGH",
"version": "3.1",
"scope": "CHANGED",
"integrityImpact": "HIGH",
"confidentialityImpact": "LOW"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to the systems. This issue affects: Arista Metamako Operating System MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and prior releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.13",
"version_affected": ">=",
"version_value": "MOS-0.13"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.26.7",
"version_affected": "<",
"version_value": "MOS-0.26.7"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.32.0",
"version_affected": "<",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.26.7 or MOS-0.32.0\n"
},
{
"lang": "eng",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28498",
"ASSIGNER": "psirt@arista.com"
}
}

101
2021/28xxx/CVE-2021-28499.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-28499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"impact": {
"cvss": {
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"privilegesRequired": "LOW",
"baseSeverity": "MEDIUM",
"userInteraction": "NONE",
"baseScore": 6.3,
"availabilityImpact": "LOW",
"version": "3.1",
"scope": "CHANGED",
"integrityImpact": "LOW",
"confidentialityImpact": "LOW"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects: Arista Metamako Operating System MOS-0.18 and post releases in the MOS-0.1x train All releases in the MOS-0.2x train MOS-0.31.1 and prior releases in the MOS-0.3x train"
}
]
},
"data_type": "CVE",
"source": {
"discovery": "INTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metamako Operating System",
"version": {
"version_data": [
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.18",
"version_affected": ">=",
"version_value": "MOS-0.18"
},
{
"platform": "Arista 7130 Systems running MOS",
"version_name": "MOS-0.32.0",
"version_affected": "<",
"version_value": "MOS-0.32.0"
}
]
}
}
]
},
"vendor_name": "Arista"
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-255 Credentials Management"
}
]
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to MOS-0.32.0\n"
},
{
"lang": "eng",
"value": "Install hotfix stored at https://www.arista.com/assets/data/SecurityAdvisories/SA64-67/SecurityAdvisory64-67-Hotfix-mos-1818-2.0.0-1.11.core2_64.rpm\nFor detailed information about hotfix installation, please see the advisory https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
],
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64",
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64"
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ID": "CVE-2021-28499",
"ASSIGNER": "psirt@arista.com"
}
}