Vulnerability Description
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arista | Mos | >= 0.13.0, <= 0.39.4 |
| Arista | 7130 | - |
| Arista | 7130-16G3S | - |
| Arista | 7130-48G3S | - |
| Arista | 7130-96S | - |
Related Weaknesses (CWE)
References
- https://www.arista.com/en/support/advisories-notices/security-advisory/18644-secVendor Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisory/18644-secVendor Advisory
FAQ
What is CVE-2023-24547?
CVE-2023-24547 is a vulnerability with a CVSS score of 5.9 (MEDIUM). On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authent...
How severe is CVE-2023-24547?
CVE-2023-24547 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-24547?
Check the references section above for vendor advisories and patch information. Affected products include: Arista Mos, Arista 7130, Arista 7130-16G3S, Arista 7130-48G3S, Arista 7130-96S.