
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-28509 is a vulnerability in the Arista EOS state-streaming telemetry agent TerminAttr and the OpenConfig transport protocols. It was disclosed on May 26, 2022 and affects Arista EOS and TerminAttr software. The flaw allows TerminAttr to leak MACsec sensitive data in clear text to CloudVision's authorized users or to authorized gNMI clients (Arista Advisory).
The vulnerability has been assigned a CVSS v3.1 Base Score of 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N). It is classified under CWE-319 (Cleartext Transmission of Sensitive Information) and CWE-255 (Credentials Management Errors). The vulnerability requires both high privileges and user interaction to be exploited (NVD).
When exploited, this vulnerability could allow MACsec sensitive data to be leaked in clear text, potentially enabling authorized users to decrypt or modify MACsec traffic on the device. This impacts the confidentiality and integrity of the protected network traffic (Arista Advisory).
Temporary mitigation can be achieved by disabling the streaming agent on affected devices using the command 'daemon TerminAttr shutdown' for TerminAttr or 'management api gnmi no provider eos-native' for Octa. The permanent fix requires upgrading to remediated software versions: TerminAttr v1.10.11 and later releases, v1.16.8 and later releases in the v1.11.x-v1.16.x trains, or v1.19.2 and later releases in the v1.17.x-v1.19.x trains (Arista Advisory).
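The remediation paragraph above gives three fixed-version boundaries across the TerminAttr release trains. The following added example (not from Arista or the database entry) encodes those boundaries in a version check that a defender can run over a constructed device inventory; it assumes "v1.10.11 and later" refers to the v1.10.x train, and reports "unknown" for trains the advisory text here does not mention.

```python
"""Triage TerminAttr versions against the CVE-2021-28509 fixed releases."""
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases per train, taken from the advisory summary above.
# Each entry: (lowest minor in train, highest minor in train, first fixed version).
# The v1.10.x bound is an assumption: the page says only "v1.10.11 and later".
FIXED_TRAINS = [
    (10, 10, (1, 10, 11)),   # v1.10.x: fixed in v1.10.11
    (11, 16, (1, 16, 8)),    # v1.11.x - v1.16.x: fixed in v1.16.8
    (17, 19, (1, 19, 2)),    # v1.17.x - v1.19.x: fixed in v1.19.2
]


def parse_version(text: str) -> Version:
    """Parse 'v1.16.7' or '1.16.7' into an integer tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised TerminAttr version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def cve_2021_28509_status(text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one TerminAttr version.

    'unknown' means the version lies outside the v1.10.x - v1.19.x trains
    that the advisory text on this page covers; consult the vendor advisory.
    """
    version = parse_version(text)
    major, minor, _ = version
    if major != 1:
        return "unknown"
    for low, high, first_fixed in FIXED_TRAINS:
        if low <= minor <= high:
            return "fixed" if version >= first_fixed else "vulnerable"
    return "unknown"


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: cve_2021_28509_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    sample = {"leaf1": "v1.16.7", "leaf2": "v1.16.8", "spine1": "v1.18.3",
              "spine2": "v1.19.2", "core1": "v1.10.10", "lab1": "v1.20.0"}
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Hosts reported as "vulnerable" are candidates for the temporary mitigation (shutting down the streaming agent) until they can be upgraded.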
Source: This report was generated using AI