CVE-2023-24547

EPSS 0.02%
Published 06.12.2023 00:15:07
Last modified 21.11.2024 07:48:05
Source psirt@arista.com
Teams watchlist Login
Open Login

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Arista ≫ Mos Version >= 0.13.0 <= 0.39.4

   Arista ≫ 7130 Version-
   Arista ≫ 7130-16g3s Version-
   Arista ≫ 7130-48g3s Version-
   Arista ≫ 7130-96s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.036

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@arista.com	5.9	0.7	5.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24547

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24547

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24547

EUVD