Overview
- Description
- On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.
- Source
- psirt@arista.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-319
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A"
},
{
"criteria": "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EFFA321D-F4A5-434C-BB39-D2B2687001D6"
},
{
"criteria": "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2"
},
{
"criteria": "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3264E086-4E90-41D0-8583-8FCF3CE4885D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "924F1DE2-DEEB-4CC8-97CA-8D9B5E53F4BF",
"versionEndIncluding": "0.39.4",
"versionStartIncluding": "0.13.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]