CVE-2025-0936

{"id": "CVE-2025-0936", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-05-07T23:15:53.010", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117", "source": "psirt@arista.com"}, {"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21394-security-advisory-0117", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-256"}]}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc)."}, {"lang": "es", "value": "En las plataformas afectadas que ejecutan Arista EOS con un transporte gNMI habilitado, ejecutar la RPC gNOI File TransferToRemote con credenciales para un servidor remoto puede provocar que estas credenciales del servidor remoto se registren o contabilicen en el dispositivo EOS local o posiblemente en otros servidores de contabilidad remotos (es decir, TACACS, RADIUS, etc.)."}], "lastModified": "2025-05-08T14:39:09.683", "sourceIdentifier": "psirt@arista.com"}