CVE-2024-12378: Cleartext Transmission of Sensitive Info in Networks Cloudvision Portal

Severity: 9.1 CRITICAL (NVD)
EPSS: 0.2% (top 62.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 8

Description

On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (1 package)

CVEListV5 | arista_networks/cloudvision_portal | 4.32.0 | 4.32.2F | +5

Vulnerability Details (2)

CVEList (2025-05-08): On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
GHSA (2025-05-08): GHSA-f369-84xf-vvxq: On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secur
CVE-2024-12378 — CRITICAL severity | cvebase