Lucene search

[email protected]CVE-2023-24547

HistoryDec 06, 2023 - 12:15 a.m.

CVE-2023-24547

2023-12-0600:15:07

CWE-319

[email protected]

web.nvd.nist.gov

arista mos

bgp

password

clear text

logging

security vulnerability

nvd

cve-2023-24547

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

Affected configurations

NVD

Node

arista7130Match-

arista7130-16g3sMatch-

arista7130-48g3sMatch-

arista7130-96sMatch-

AND

aristamosRange0.13.0–0.39.4

CPENameOperatorVersion
arista:mosarista mosle0.39.4

CPE	Name	Operator	Version
arista:mos	arista mos	le	0.39.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "0.39.4",
        "status": "affected",
        "version": "0.13.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVE-2023-24547

cvelist1 prion1 nvd1 arista1