
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-28500 is a vulnerability in Arista EOS (Extensible Operating System): the OpenConfig and TerminAttr agents used EOS's AAA APIs incorrectly, which could give local users configured with nopassword unrestricted access to the device. The issue was discovered and reported by Miles Sutcliffe and was disclosed on January 11th, 2022 (Arista Advisory).
The vulnerability has a CVSSv3.1 Base Score of 9.1 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. A device is exposed only when all of the following hold: OpenConfig gNMI/gNOI or OpenConfig RESTCONF is enabled, remote login without a password is disabled in the AAA configuration (the restriction the affected agents fail to enforce), and at least one local user is configured with nopassword (Arista Advisory).
An unauthorized user who reaches an affected agent can therefore gain unrestricted access to the device, which can be used to alter its configuration and to compromise device management and the network it serves (Arista Advisory).
Several mitigation options are available (Arista Advisory):
1) Disable the affected agents, including OpenConfig gNMI/gNOI and OpenConfig RESTCONF.
2) Enforce passwords for local users, or remove any user configured with nopassword.
3) Upgrade to a remediated release: 4.26.2F and later, 4.25.5M and later, 4.24.7M and later, or 4.23.9M and later.
A hotfix employing a proxy service is also available for immediate remediation where an upgrade is not yet possible.
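As an added illustration of the preconditions and mitigations above (example code written for this page, not Arista's tooling and not part of the advisory), the following Python audits an EOS running-config and version string against the advisory's conditions and shows how each mitigation clears the finding. The configuration syntax used (`username ... nopassword`, `management api gnmi`, `management api restconf`, `aaa authentication policy local allow-nopassword-remote-login`), the indentation-based block parsing, and the sample configurations are assumptions constructed for the example; check them against the device's own `show running-config` output.

```python
import re
from dataclasses import dataclass, field

# Remediated releases from the advisory, keyed by release train.
# Assumption: trains newer than 4.26 carry the fix; trains older than 4.23 are
# not listed as remediated and are treated as unfixed (conservative).
FIXED_BY_TRAIN = {
    (4, 26): (4, 26, 2),
    (4, 25): (4, 25, 5),
    (4, 24): (4, 24, 7),
    (4, 23): (4, 23, 9),
}

# Agents named in the advisory and the (assumed) EOS config blocks that enable them.
AGENT_BLOCKS = {
    "management api gnmi": "OpenConfig gNMI/gNOI",
    "management api restconf": "OpenConfig RESTCONF",
}

# Assumed EOS command that permits nopassword accounts to log in remotely; the
# advisory's precondition is that password-less remote login is *not* enabled.
ALLOW_NOPASSWORD_REMOTE = "aaa authentication policy local allow-nopassword-remote-login"


def parse_version(version: str) -> tuple[int, int, int]:
    """'4.25.3M' -> (4, 25, 3); the trailing F/M release-type letter is ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised EOS version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_is_fixed(version: str) -> bool:
    """True if the release is at or above the remediated release of its train."""
    v = parse_version(version)
    fixed = FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        return v[:2] > (4, 26)
    return v >= fixed


def top_level_blocks(config: str) -> dict[str, list[str]]:
    """Group a running-config into {top-level line: [indented child lines]}.
    Comment lines ('!') and blank lines are dropped."""
    blocks: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks


@dataclass
class Finding:
    nopassword_users: list[str] = field(default_factory=list)
    enabled_agents: list[str] = field(default_factory=list)
    remote_nopassword_allowed: bool = False
    version_fixed: bool = False

    @property
    def vulnerable(self) -> bool:
        # Every advisory precondition must hold on an unfixed release.
        return (bool(self.nopassword_users) and bool(self.enabled_agents)
                and not self.remote_nopassword_allowed and not self.version_fixed)


def audit(config: str, version: str) -> Finding:
    blocks = top_level_blocks(config)
    finding = Finding(version_fixed=version_is_fixed(version))
    for line in blocks:
        m = re.match(r"^username (\S+) .*\bnopassword\b", line)
        if m:
            finding.nopassword_users.append(m.group(1))
    for header, name in AGENT_BLOCKS.items():
        children = blocks.get(header)
        # A present block with no 'shutdown' anywhere under it counts as enabled.
        if children is not None and "shutdown" not in children:
            finding.enabled_agents.append(name)
    finding.remote_nopassword_allowed = ALLOW_NOPASSWORD_REMOTE in blocks
    return finding


# Constructed sample running-config (not from a real device): gNMI enabled,
# RESTCONF shut down, one nopassword user, one password-protected user.
VULNERABLE_CONFIG = """\
username admin privilege 15 nopassword
username netops privilege 15 secret sha512 $6$placeholder
!
management api gnmi
   transport grpc default
!
management api restconf
   transport https default
   shutdown
"""

# Mitigation 2 applied: the nopassword account is given a password ($6$placeholder
# stands in for a real hash).
REMEDIATED_CONFIG = VULNERABLE_CONFIG.replace(
    "username admin privilege 15 nopassword",
    "username admin privilege 15 secret sha512 $6$placeholder")

if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_CONFIG), ("remediated", REMEDIATED_CONFIG)):
        result = audit(cfg, "4.25.3M")
        print(f"{label}: vulnerable={result.vulnerable} {result}")
```

Running the audit against the same config with a remediated version string (for example 4.25.5M) clears the finding through mitigation 3, and adding `shutdown` under the gNMI block clears it through mitigation 1; the three mitigations are independent, so any one of them is enough to make `vulnerable` false.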
Source: This report was generated using AI