nvd-json-data-feeds/CVE-2021/CVE-2021-284xx/CVE-2021-28497.json

{
  "id": "CVE-2021-28497",
  "sourceIdentifier": "psirt@arista.com",
  "published": "2021-09-09T13:15:09.210",
  "lastModified": "2021-09-22T16:50:45.040",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"
    },
    {
      "lang": "es",
      "value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, el shell bash podr\u00eda ser accesible a usuarios no privilegiados en situaciones en las que no deber\u00edan tener acceso. Este problema afecta a: Sistema Operativo Metamako de Arista Todas las versiones MOS-0.1x train MOS-0.26.6 y versiones inferiores en MOS-0.2x train MOS-0.31.1 y versiones inferiores en MOS-0.3x train"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      },
      {
        "source": "psirt@arista.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    },
    {
      "source": "psirt@arista.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.26.6",
              "matchCriteriaId": "2EB89E3B-DBD9-433C-BF75-DF055380A9F6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:arista:metamako_operating_system:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "0.31.0",
              "versionEndExcluding": "0.32.0",
              "matchCriteriaId": "C66AFCAE-47B5-47D5-96AF-C0986611A4C0"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",
      "source": "psirt@arista.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2021-28497",`
			`"sourceIdentifier": "psirt@arista.com",`
			`"published": "2021-09-09T13:15:09.210",`
			`"lastModified": "2021-09-22T16:50:45.040",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations where they should not have access. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train"`
			`},`
			`{`
			`"lang": "es",`
			`"value": "En el software MOS (Sistema Operativo Metamako) de Arista, que es compatible con la l\u00ednea de productos 7130, en determinadas condiciones, el shell bash podr\u00eda ser accesible a usuarios no privilegiados en situaciones en las que no deber\u00edan tener acceso. Este problema afecta a: Sistema Operativo Metamako de Arista Todas las versiones MOS-0.1x train MOS-0.26.6 y versiones inferiores en MOS-0.2x train MOS-0.31.1 y versiones inferiores en MOS-0.3x train"`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 5.9`
			`},`
			`{`
			`"source": "psirt@arista.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 4.4,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 2.5`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",`
			`"accessVector": "LOCAL",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "PARTIAL",`
			`"baseScore": 4.6`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 6.4,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "NVD-CWE-Other"`
			`}`
			`]`
			`},`
			`{`
			`"source": "psirt@arista.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-264"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:arista:metamako_operating_system::::::::",`
			`"versionEndIncluding": "0.26.6",`
			`"matchCriteriaId": "2EB89E3B-DBD9-433C-BF75-DF055380A9F6"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:arista:metamako_operating_system::::::::",`
			`"versionStartIncluding": "0.31.0",`
			`"versionEndExcluding": "0.32.0",`
			`"matchCriteriaId": "C66AFCAE-47B5-47D5-96AF-C0986611A4C0"`
			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:arista:7130:-:::::::*",`
			`"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12913-security-advisory-65",`
			`"source": "psirt@arista.com",`
			`"tags": [`
			`"Mitigation",`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`