CVE-2021-28506: 
NixOS vulnerability analysis and mitigation

CVE-2021-28506 is a security vulnerability discovered in Arista EOS (Extensible Operating System) where certain gNOI (gRPC Network Operations Interface) APIs incorrectly skip authorization and authentication processes. The vulnerability was disclosed on January 11th, 2022, affecting multiple versions of Arista EOS software from version 4.24.2F through 4.26.2F. The vulnerability received a CVSSv3.1 Base Score of 9.1 (Critical) (Arista Advisory).

The vulnerability stems from a critical authentication bypass in gNOI APIs implementation where certain interfaces fail to properly validate user authentication and authorization. This could potentially allow unauthorized access to critical system functions. The vulnerability has been assigned a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and high impact on integrity and availability (Arista Advisory).

The vulnerability could potentially allow an attacker to perform a factory reset of the device without proper authorization. This poses a significant risk to network infrastructure as it could lead to service disruption and loss of device configuration (Arista Advisory).

As an immediate mitigation, Arista recommends either disabling the affected agents or upgrading to remediated software versions. The vulnerability has been fixed in EOS versions 4.26.3M and later, 4.25.6M and later, 4.25.4.1M and later, and 4.24.8M and later. Additionally, a hotfix employing a proxy service (OpenConfigProxy) is available for immediate remediation until EOS can be upgraded (Arista Advisory).