How severe is CVE-2021-28509?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-28509?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2021-28509 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.

Related Vulnerabilities

CVE-2021-28508

MEDIUM

CVSS:6.1(Medium)

CWE-2552021

CVE-2015-8675

MEDIUM

CVSS:6.2(Medium)

Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password informat...

CWE-2552015

CVE-2016-0049

MEDIUM

CVSS:6.2(Medium)

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate passwo...

CWE-2552016

CVE-2016-8918

MEDIUM

CVSS:5.9(Medium)

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.

CWE-2552016

CVE-2016-8962

MEDIUM

CVSS:5.9(Medium)

IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.

CWE-2552016

CVE-2019-4381

MEDIUM

CVSS:5.9(Medium)

IBM i 7.27.3 Clustering could allow a local attacker to obtain sensitive information, caused by the use of advanced node failure detection using the REST API to interface with the HMC. An attacker cou...

CWE-2552019