Vulnerability Description
On Arista Strata family products with the “TCAM profile” feature enabled, when a port IPv4 access-list has a rule that matches on “vxlan” as the protocol, that rule and all subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | EOS | >= 4.26, < 4.26.4m |
| Arista | CCS-710P-12 | - |
| Arista | CCS-710P-16P | - |
| Arista | CCS-720XP-24Y6 | - |
| Arista | CCS-720XP-24ZY4 | - |
| Arista | CCS-720XP-48Y6 | - |
| Arista | CCS-720XP-48ZC2 | - |
| Arista | CCS-720XP-96ZC2 | - |
| Arista | CCS-722XPM-48Y4 | - |
| Arista | CCS-722XPM-48ZY8 | - |
| Arista | DCS-7010TX-48 | - |
| Arista | DCS-7050CX3-32S | - |
| Arista | DCS-7050CX3M-32S | - |
| Arista | DCS-7050SX3-48C8 | - |
| Arista | DCS-7050SX3-48YC12 | - |
| Arista | DCS-7050SX3-48YC8 | - |
| Arista | DCS-7050SX3-96YC8 | - |
| Arista | DCS-7050TX3-48C8 | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisories/15267-s (Mitigation, Vendor Advisory)
FAQ
What is CVE-2021-28504?
CVE-2021-28504 is a vulnerability with a CVSS score of 7.5 (HIGH). On Arista Strata family products with the “TCAM profile” feature enabled, when a port IPv4 access-list has a rule that matches on “vxlan” as the protocol, that rule and all subsequent rules (rules declar...
How severe is CVE-2021-28504?
CVE-2021-28504 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28504?
Check the references section above for vendor advisories and patch information. Affected products include: Arista EOS, Arista CCS-710P-12, Arista CCS-710P-16P, Arista CCS-720XP-24Y6, Arista CCS-720XP-24ZY4.