CVE-2021-28498

8.7 HIGH

📋 TL;DR

Arista MOS software stores user enable passwords in clear text, allowing unprivileged users to gain complete system access. This affects the Arista 7130 product line running vulnerable MOS versions. Attackers can escalate privileges to administrative control.

💻 Affected Systems

Products:
  • Arista 7130 product line
Versions: MOS-0.13 and later releases in the MOS-0.1x train, MOS-0.26.6 and prior in the MOS-0.2x train, MOS-0.31.1 and prior in the MOS-0.3x train
Operating Systems: Arista Metamako Operating System (MOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where user enable passwords are configured. The vulnerability exists in the password storage mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative access, enabling data theft, network manipulation, and persistent backdoor installation.

🟠 Likely Case

Privilege escalation from limited user to full administrative control, allowing configuration changes and unauthorized access.

🟢 If Mitigated

Limited impact if proper access controls and monitoring prevent unauthorized users from accessing password storage.

🌐 Internet-Facing: MEDIUM - Requires initial access to system, but if exposed, could lead to full compromise.
🏢 Internal Only: HIGH - Internal users with any level of access could escalate to complete system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of user access to read the clear-text passwords. No public exploit code is available, but exploitation is trivial for attackers with access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MOS-0.26.7+, MOS-0.31.2+, and later versions

Vendor Advisory: https://www.arista.com/en/support/advisories-notices/security-advisories/12912-security-advisory-64

Restart Required: Yes

Instructions:

1. Check current MOS version.
2. Download appropriate patched version from Arista support portal.
3. Apply update following Arista upgrade procedures.
4. Restart system to activate fix.

🔧 Temporary Workarounds

Restrict User Access

Limit user accounts to only necessary personnel and implement least privilege access controls.

Monitor Password Access

Implement logging and monitoring for attempts to access password storage locations.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the system
  • Monitor for privilege escalation attempts and review user activity logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the MOS version using the 'show version' command and compare it against the affected versions list.

Check Version:

show version

Verify Fix Applied:

After patching, verify that the version is updated to a patched release and test that enable passwords are no longer stored in clear text.
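
The version comparison described above can be scripted across a device inventory. This is an added example, not code from Arista or from this page; it assumes version strings written the way this page writes them (`MOS-0.26.6`), that the 0.1x/0.2x/0.3x trains are identified by the second version component, and the function and device names are hypothetical.

```python
import re

# Affected ranges as listed on this page, keyed by release train
# (train = second version component // 10, so 0.26.x is in train 2, "0.2x").
# Each value is (first_affected, last_affected); None means no bound in that train.
AFFECTED = {
    1: ((0, 13, 0), None),   # MOS-0.13 and later releases in the 0.1x train
    2: (None, (0, 26, 6)),   # MOS-0.26.6 and prior in the 0.2x train
    3: (None, (0, 31, 1)),   # MOS-0.31.1 and prior in the 0.3x train
}
_VERSION_RE = re.compile(r"(?:MOS-)?(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_mos_version(text):
    """Turn 'MOS-0.26.6' or '0.13' into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised MOS version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def classify(text):
    """Return 'affected', 'not_affected' or 'unlisted_train' for one version string."""
    version = parse_mos_version(text)
    major, minor, _patch = version
    bounds = AFFECTED.get(minor // 10) if major == 0 else None
    if bounds is None:
        return "unlisted_train"  # this page lists no range here; consult the advisory
    first, last = bounds
    if (first and version < first) or (last and version > last):
        return "not_affected"
    return "affected"


def audit(inventory):
    """Map each device name to a verdict; unparseable strings are flagged, not skipped."""
    report = {}
    for device, version_text in inventory.items():
        try:
            report[device] = classify(version_text)
        except ValueError:
            report[device] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed inventory: device names and versions are made up for illustration.
    sample = {"sw-a": "MOS-0.26.6", "sw-b": "MOS-0.26.7", "sw-c": "0.31.1", "sw-d": "n/a"}
    print(audit(sample))
```

Devices reported as `unlisted_train` or `unparseable` need a manual check against the vendor advisory rather than being treated as safe.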

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to password files
  • Privilege escalation events
  • Unexpected user privilege changes

Network Indicators:

  • Unusual administrative access patterns
  • Configuration changes from non-admin users

SIEM Query:

search 'user privilege escalation' OR 'unauthorized admin access' on affected Arista devices
