Lucene search

AristaCVELIST:CVE-2023-24547

HistoryDec 05, 2023 - 11:29 p.m.

CVE-2023-24547 On Arista MOS configuration of a BGP password will cause the password to be logged in clear text.

2023-12-0523:29:01

Arista

www.cve.org

cve-2023-24547

arista mos

bgp password

clear text

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

18.3%

JSON

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MOS",
    "vendor": "Arista Networks",
    "versions": [
      {
        "lessThanOrEqual": "0.39.4",
        "status": "affected",
        "version": "0.13.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVELIST:CVE-2023-24547