CVE-2023-24547

{"id": "CVE-2023-24547", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-12-06T00:15:07.030", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090", "tags": ["Vendor Advisory"], "source": "psirt@arista.com"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18644-security-advisory-0090", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device\u2019s running config. \n"}, {"lang": "es", "value": "En las plataformas afectadas que ejecutan Arista MOS, la configuraci\u00f3n de una contrase\u00f1a BGP har\u00e1 que la contrase\u00f1a se registre en texto plano que los usuarios autenticados pueden revelar en registros locales o servidores de registro remotos, adem\u00e1s de aparecer en texto plano en la configuraci\u00f3n en ejecuci\u00f3n del dispositivo."}], "lastModified": "2024-11-21T07:48:05.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:arista:mos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924F1DE2-DEEB-4CC8-97CA-8D9B5E53F4BF", "versionEndIncluding": "0.39.4", "versionStartIncluding": "0.13.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arista:7130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D832798-DA45-4F9E-AA31-5D088253A28A"}, {"criteria": "cpe:2.3:h:arista:7130-16g3s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFFA321D-F4A5-434C-BB39-D2B2687001D6"}, {"criteria": "cpe:2.3:h:arista:7130-48g3s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2BE67B8-F326-48B7-AB82-04FE8C2E37E2"}, {"criteria": "cpe:2.3:h:arista:7130-96s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3264E086-4E90-41D0-8583-8FCF3CE4885D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@arista.com"}