CVE-2023-24547

Summary

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksMOS0.13.0 <= 0.39.4affected

Weaknesses

  • cwe-212

Workarounds

No mitigation exists.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References