CVE-2022-29071 — MEDIUM (4.0)

Q: How severe is CVE-2022-29071?

CVE-2022-29071 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-29071?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Cloudvision Portal.

Vulnerability Description

This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.

CVSS Score

4.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Arista	Cloudvision Portal	>= 2020.2.0, <= 2022.1.0

Related Weaknesses (CWE)

CWE-532 CWE-200

References

https://www.arista.com/en/support/advisories-notices/security-advisory/15865-secVendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/15865-secVendor Advisory

FAQ

What is CVE-2022-29071?

CVE-2022-29071 is a vulnerability with a CVSS score of 4.0 (MEDIUM). This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked i...

How severe is CVE-2022-29071?

CVE-2022-29071 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29071?

Check the references section above for vendor advisories and patch information. Affected products include: Arista Cloudvision Portal.