3.8
CVE-2025-3456
- EPSS 0.02%
- Veröffentlicht 25.08.2025 20:02:48
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@arista.com
- CVE-Watchlists
- Unerledigt
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerArista Networks
≫
Produkt
EOS
Default Statusunaffected
Version
4.34.0F
Status
affected
Version <=
4.33.3F
Version
4.33.0
Status
affected
Version <=
4.32.5M
Version
4.32.0
Status
affected
Version <=
4.31.7M
Version
4.31.0
Status
affected
Version <=
4.30.10M
Version
4.30.0
Status
affected
Version <=
4.29.10M
Version
4.29.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.046 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@arista.com | 3.8 | 2 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.