// For flags

CVE-2021-28504

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol fi ...

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules ( rules declared after it in ACL ) do not match on IP protocol field as expected.

En los productos de la familia Arista Strata que tienen habilitada la funcionalidad "perfil TCAM", cuando la lista de acceso IPv4 del puerto presenta una regla que coincide con "vxlan" como protocolo, esa regla y las reglas posteriores (reglas declaradas después de ella en la ACL) no coinciden con el campo de protocolo IP como era esperado

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-03-16 CVE Reserved
  • 2022-04-01 CVE Published
  • 2023-10-23 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-710p-12
Search vendor "Arista" for product "Ccs-710p-12"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-710p-16p
Search vendor "Arista" for product "Ccs-710p-16p"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-24y6
Search vendor "Arista" for product "Ccs-720xp-24y6"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-24zy4
Search vendor "Arista" for product "Ccs-720xp-24zy4"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-48y6
Search vendor "Arista" for product "Ccs-720xp-48y6"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-48zc2
Search vendor "Arista" for product "Ccs-720xp-48zc2"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-96zc2
Search vendor "Arista" for product "Ccs-720xp-96zc2"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-722xpm-48y4
Search vendor "Arista" for product "Ccs-722xpm-48y4"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Ccs-722xpm-48zy8
Search vendor "Arista" for product "Ccs-722xpm-48zy8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7010tx-48
Search vendor "Arista" for product "Dcs-7010tx-48"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050cx3-32s
Search vendor "Arista" for product "Dcs-7050cx3-32s"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050cx3m-32s
Search vendor "Arista" for product "Dcs-7050cx3m-32s"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48c8
Search vendor "Arista" for product "Dcs-7050sx3-48c8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48yc12
Search vendor "Arista" for product "Dcs-7050sx3-48yc12"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48yc8
Search vendor "Arista" for product "Dcs-7050sx3-48yc8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-96yc8
Search vendor "Arista" for product "Dcs-7050sx3-96yc8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.26 < 4.26.4m
Search vendor "Arista" for product "Eos" and version " >= 4.26 < 4.26.4m"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050tx3-48c8
Search vendor "Arista" for product "Dcs-7050tx3-48c8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-710p-12
Search vendor "Arista" for product "Ccs-710p-12"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-710p-16p
Search vendor "Arista" for product "Ccs-710p-16p"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-24y6
Search vendor "Arista" for product "Ccs-720xp-24y6"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-24zy4
Search vendor "Arista" for product "Ccs-720xp-24zy4"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-48y6
Search vendor "Arista" for product "Ccs-720xp-48y6"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-48zc2
Search vendor "Arista" for product "Ccs-720xp-48zc2"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-720xp-96zc2
Search vendor "Arista" for product "Ccs-720xp-96zc2"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-722xpm-48y4
Search vendor "Arista" for product "Ccs-722xpm-48y4"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Ccs-722xpm-48zy8
Search vendor "Arista" for product "Ccs-722xpm-48zy8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7010tx-48
Search vendor "Arista" for product "Dcs-7010tx-48"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050cx3-32s
Search vendor "Arista" for product "Dcs-7050cx3-32s"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050cx3m-32s
Search vendor "Arista" for product "Dcs-7050cx3m-32s"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48c8
Search vendor "Arista" for product "Dcs-7050sx3-48c8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48yc12
Search vendor "Arista" for product "Dcs-7050sx3-48yc12"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-48yc8
Search vendor "Arista" for product "Dcs-7050sx3-48yc8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050sx3-96yc8
Search vendor "Arista" for product "Dcs-7050sx3-96yc8"
--
Safe
Arista
Search vendor "Arista"
Eos
Search vendor "Arista" for product "Eos"
>= 4.27 < 4.27.1f
Search vendor "Arista" for product "Eos" and version " >= 4.27 < 4.27.1f"
-
Affected
in Arista
Search vendor "Arista"
Dcs-7050tx3-48c8
Search vendor "Arista" for product "Dcs-7050tx3-48c8"
--
Safe