Description
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
- Attack Vector
- network
- Complexity
- high
- Privileges
- high
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-319
Metadata
- Primary Vendor
- ARISTA
- Published
- 12/6/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
arista : mos
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.