Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dcs\-7280sram\-48c6\-R_firmware
(Arista)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 1 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-20 | CVE-2020-9015 | Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices (and possibly other products) allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly permissive regular expression in the TACACS+ server permitted commands | Dcs\-7050cx3\-32s\-R_firmware, Dcs\-7050qx\-32s\-R_firmware, Dcs\-7280sram\-48c6\-R_firmware | 9.8 |