CVE-2023-24547: Cleartext Transmission of Sensitive Info in Networks MOS

Severity
6.5 MEDIUM (NVD)
5.9 (CNA)
EPSS
0.0%
top 95.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 6

Description

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

NVD: arista/mos 0.13.0 0.39.4
CVEListV5: arista_networks/mos 0.13.0 0.39.4

Vulnerability Details (2)
GHSA
GHSA-p4r9-xg4m-74hx: On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed (2023-12-06)
CVEList
On Arista MOS configuration of a BGP password will cause the password to be logged in clear text. (2023-12-05)
CVE-2023-24547 — Arista Networks MOS vulnerability | cvebase